CVE-2021-45327
First published: Tue Feb 08 2022(Updated: )
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Gitea Gitea | <1.11.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-45327?
CVE-2021-45327 is a vulnerability in Gitea before version 1.11.2 that allows a remote malicious user to execute arbitrary code by exploiting the trust of HTTP permission methods on the server side when referencing the vulnerable admin or user API.
What software is affected by CVE-2021-45327?
Gitea versions before 1.11.2 are affected by CVE-2021-45327.
What is the severity of CVE-2021-45327?
CVE-2021-45327 has a severity rating of 9.8, which is considered critical.
How can a remote malicious user exploit CVE-2021-45327?
A remote malicious user can exploit CVE-2021-45327 by referencing the vulnerable admin or user API and exploiting the trust of HTTP permission methods on the server side.
Is there a fix for CVE-2021-45327?
Yes, upgrading Gitea to version 1.11.2 or later will fix the CVE-2021-45327 vulnerability.
- collector/nvd-api
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/remedy
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/gitea
- canonical/gitea gitea