Gitea versions before 1.25.5 use release tag names and asset names as filesystem path components when dumping release assets, allowing specially crafted names to affect dump output paths.
References
Configurations
No configuration.
History
07 Jul 2026, 18:16
| Type | Values Removed | Values Added |
|---|---|---|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
03 Jul 2026, 21:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-07-03 21:16
Updated : 2026-07-07 18:16
NVD link : CVE-2026-28705
Mitre link : CVE-2026-28705
CVE.ORG link : CVE-2026-28705
JSON object : View
Products Affected
No product.
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
