CVE-2021-45327
unknown
CVSS v3
โ
CVSS v4 NEW
โ
VIR risk
โ
Description
Capture-replay in Gitea in code.gitea.io/gitea
Predictions
Exploit likelihood
30%
Patch ETA
โ
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Package impact
| Ecosystem | Package | Vulnerable | Fixed |
|---|---|---|---|
| Go | github.com/go-gitea/gitea | <1.11.2 | 1.11.2 |
| Go | code.gitea.io/gitea | <1.11.2 | 1.11.2 |
References
- https://nvd.nist.gov/vuln/detail/CVE-2021-45327
- https://github.com/go-gitea/gitea/pull/10462
- https://github.com/go-gitea/gitea/pull/10465
- https://github.com/go-gitea/gitea/pull/10582
- https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67
- https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab
- https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea
- https://blog.gitea.io/2020/03/gitea-1.11.2-is-released
- https://github.com/go-gitea/gitea
- https://github.com/advisories/GHSA-jrpg-35hw-m4p9
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.