First published: Tue Feb 08 2022
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gitea Gitea | <1.11.2 | |
CVE-2021-45327 is a vulnerability in Gitea before version 1.11.2 that allows a remote malicious user to execute arbitrary code by exploiting the trust of HTTP permission methods on the server side when referencing the vulnerable admin or user API.
Gitea versions before 1.11.2 are affected by CVE-2021-45327.
CVE-2021-45327 has a severity rating of 9.8, which is considered critical.
A remote malicious user can exploit CVE-2021-45327 by referencing the vulnerable admin or user API and exploiting the trust of HTTP permission methods on the server side.
Yes, upgrading Gitea to version 1.11.2 or later will fix the CVE-2021-45327 vulnerability.