Affected by GO-2024-3056 and 7 other vulnerabilities:
GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea
GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea
GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
GO-2025-4266: Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request in code.gitea.io/gitea
GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea
CmdArg represents a command argument for a git command; it is passed to the git command directly, without any further processing.
In most cases, you should use the "AddXxx" functions to add arguments rather than using this type directly.
Casting a risky (user-provided) string to CmdArg causes security issues if the string carries an injected "--xxx" argument.
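The pattern this comment describes, as an added example that is not Gitea's code: a named string type for arguments passed through untouched, next to a method for runtime values that rejects anything git would parse as an option. `TrustedArg`, `ArgBuilder`, `AddTrusted`, `AddDynamic` and `Build` are hypothetical names, and the inputs are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// TrustedArg plays the role CmdArg has on this page: a value handed to git as-is.
// Untyped string constants convert to it implicitly; a string variable needs an
// explicit cast, which is the step that should stand out in code review.
type TrustedArg string

// ArgBuilder is a hypothetical stand-in for a builder with "AddXxx" methods.
type ArgBuilder struct {
	args []string
	err  error
}

// AddTrusted appends fixed arguments written by the developer.
func (b *ArgBuilder) AddTrusted(args ...TrustedArg) *ArgBuilder {
	for _, a := range args {
		b.args = append(b.args, string(a))
	}
	return b
}

// AddDynamic appends runtime values and records an error for any value that
// git would read as an option (leading '-').
func (b *ArgBuilder) AddDynamic(vals ...string) *ArgBuilder {
	for _, v := range vals {
		if strings.HasPrefix(v, "-") && b.err == nil {
			b.err = fmt.Errorf("dynamic argument %q starts with '-'", v)
		}
		b.args = append(b.args, v)
	}
	return b
}

// Build returns the argv, or the first rejection error and no argv.
func (b *ArgBuilder) Build() ([]string, error) {
	if b.err != nil {
		return nil, b.err
	}
	return b.args, nil
}

func main() {
	for _, ref := range []string{"main", "--xxx=constructed"} { // constructed inputs
		argv, err := new(ArgBuilder).AddTrusted("log", "-1").AddDynamic(ref).Build()
		fmt.Println(argv, err)
	}
}
```

Passing a `string` variable to `AddTrusted` does not compile without writing `TrustedArg(v)`, so every place where unchecked input can reach git is a visible cast.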