Affected by GO-2024-3056 and 16 other vulnerabilities

GO-2024-3056: Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea

GO-2025-4258: Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea

GO-2025-4261: Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea

GO-2025-4263: Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea

GO-2025-4264: Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea

GO-2025-4267: Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea

GO-2025-4268: Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

GO-2026-4274: Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea

GO-2026-4362: Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea

GO-2026-4363: Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea

GO-2026-4364: Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea

GO-2026-4365: Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea

GO-2026-4366: Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea

GO-2026-4367: Gitea has improper access control for uploaded attachments in code.gitea.io/gitea

GO-2026-4368: Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea

GO-2026-4369: Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea

GO-2026-4370: Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea

types

package

v1.21.11 Latest Latest Go to latest Published: Apr 16, 2024 License: MIT Imports: 0 Imported by: 4

Details

Valid go.mod file
Redistributable license
Tagged version
Stable version
Learn more about best practices

Repository

github.com/go-gitea/gitea

Documentation ¶

Index ¶

type ResponseStatusProvider

Constants ¶

This section is empty.

Variables ¶

This section is empty.

Functions ¶

This section is empty.

Types ¶

type ResponseStatusProvider ¶

type ResponseStatusProvider interface {
	WrittenStatus() int
}

ResponseStatusProvider is an interface to get the written status in the response Many packages need this interface, so put it in the separate package to avoid import cycle

Source Files ¶

View all Source files

response.go

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL