Description
Gitea versions up to and including 1.25.4 allow redirect bypasses through raw or percent-encoded backslashes in redirect_to values.
Problem types
Product status
Any version
Credits
quirmz
References
github.com/.../gitea/security/advisories/GHSA-j5r2-4c8j-xc3m
github.com/.../gitea/security/advisories/GHSA-j5r2-4c8j-xc3m (GitHub Security Advisory)
github.com/go-gitea/gitea/pull/36660 (GitHub Pull Request #36660)
github.com/go-gitea/gitea/pull/36716 (GitHub Pull Request #36716)
github.com/go-gitea/gitea/releases/tag/v1.25.5 (Gitea v1.25.5 Release)
blog.gitea.com/release-of-1.25.5/ (Gitea v1.25.5 Release Blog Post)