FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- Disallow dangerous URL schemes

Affected packages
gitea < 1.20.1

Details

VuXML ID ab0bab3c-2927-11ee-8608-07b8d3947721
Discovery 2023-06-18
Entry 2023-07-23

The Gitea team reports:

Disallow javascript, vbscript and data (data uri images still work) url schemes even if all other schemes are allowed

[source]

References

URL https://blog.gitea.com/release-of-1.20.1
URL https://github.com/go-gitea/gitea/releases/tag/v1.20.1

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.