Niklas974

**Name of the Vulnerable Software and Affected Versions** Gitea versions 1.1.0 through 1.12.5 **Description** The git hook feature in Gitea might allow for authenticated remote code execution in customer environments where the documentation was not understood. The vendor has indicated this is not a vulnerability, stating it is a functionality of the software limited to a very limited subset of accounts, and that clear warnings are provided to users around this functionality. **Recommendations** For Gitea versions 1.1.0 through 1.12.5, consider disabling the git hook feature to minimize the risk of exploitation, as it may allow for authenticated remote code execution. Ensure that the documentation regarding the git hook feature is thoroughly understood, and warnings around its functionality are clearly acknowledged. At the moment, there is no information about a newer version that contains a fix for this issue.