CVE-2019-11228

repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
Source: NIST
CVE-2019-11228