GHSA-7jvx-g65v-r899unknown

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components...

Published
July 3, 2026
Last Modified
July 3, 2026

🔗 CVE IDs covered (1)

📋 Description

Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.

🔗 References (6)