Gitea versions before 1.25.5 lack validation constraints for repository creation fields, including length-limited template fields and trust model or object format values.
| Vendor | Product | Versions |
|---|---|---|
| gitea | gitea open source git server | 0 |
Downstream vendors/products affected by this vulnerability
| Vendor | Product | Source | Confidence |
|---|---|---|---|
| open source | gitea | cert_advisory | 90% |
Updated affected versions to include 1.25.4, changed severity to HIGH, and noted that no exploit exists.
Initial creation