@alestorm980

Description

Security Contact Request

Our security research team has identified a potential vulnerability in your software that we would like to report through a responsible disclosure process.

We tried contacting you security@gitea.io as listed in your SECURITY.md and official contact site, but did not receive a reply.

Additional context

• Security vulnerability details will be shared privately once contact is established.
• Our responsible disclosure policy typically requires public disclosure after a set period without vendor response.
• To ensure this finding reaches the appropriate team members, could you please:
  • Provide a security contact email address where we can send the vulnerability details, or
  • Consider updating your SECURITY.md file in your repository with the updated contact information.
• You can reach our security research team at research@fluidattacks.com

We're trying to work with you on this and would prefer coordinated disclosure over public disclosure.

Gitea Version

1.24.5

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

.

Database

None