Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
Information Disclosure
Gitea
NVD
GitHub
CVSS 3.1
9.8
EPSS
1.1%