Gitea versions before 1.25.5 accept malformed or injected forwarded-proto values when detecting public URLs, allowing spoofed canonical URL generation.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation4 reference(s) from NVD