Severity: Critical
CVSS Score: 9.8
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.