x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-42968

[GoVulnBot]

CVE-2022-42968 references github.com/go-gitea/gitea, which may be a Go module.

Description:
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-42968
• JSON: https://github.com/CVEProject/cvelist/tree/35191c8c61137b96b35785a94e7afea7f7469333/2022/42xxx/CVE-2022-42968.json
• fix: Sanitize and Escape refs in git backend (#21464) go-gitea/gitea#21463
• web: https://github.com/go-gitea/gitea/releases/tag/v1.17.3
• Imported by: https://pkg.go.dev/github.com/go-gitea/gitea?tab=importedby

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/go-gitea/gitea
    packages:
      - package: n/a
description: |
    Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
cves:
  - CVE-2022-42968
references:
  - fix: https://github.com/go-gitea/gitea/pull/21463
  - web: https://github.com/go-gitea/gitea/releases/tag/v1.17.3

[gopherbot]

Change https://go.dev/cl/443642 mentions this issue: data/excluded: add GO-2022-1065.yaml for CVE-2022-42968

[gopherbot]

Change https://go.dev/cl/592774 mentions this issue: data/reports: unexclude 50 reports