FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- avoid open HTTP redirects

Affected packages
gitea < 1.19.4

Details

VuXML ID 8ea24413-1b15-11ee-9331-570525adb7f1
Discovery 2023-06-08
Entry 2023-07-05

The Gitea team reports:

If redirect_to parameter has set value starting with \\example.com redirect will be created with header Location: /\\example.com that will redirect to example.com domain.

[source]

References

URL https://blog.gitea.io/2023/07/gitea-1.19.4-is-released/
URL https://github.com/go-gitea/gitea/releases/tag/v1.19.4

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.