go-gitea/gitea

Internal Server error when doing a POST with invalid emails on /v1/user/emails

ludovicianul opened this issue · 0 comments

Description

While doing some fuzzing using https://github.com/Endava/cats I discovered an issue for the /v1/user/emails endpoint. Doing a POST with an invalid email address results in a 500, rather than something more meaningful.

You can reproduce the issue using (just replace $token with your own token):

cats replay Test228.json

Or using the payload:

{
  "emails": [
    "yCUjse4J",
    "yCUjse4J"
  ],
  "catsFuzzyField": "catsFuzzyField"
}

Test228.json.zip

Gitea Version

1.17.0+dev-423-g4396d0e7c

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

No response

Git Version

No response

Operating System

No response

How are you running Gitea?

Using https://try.gitea.io/.

Database

No response
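An added example, not part of the original issue and not Gitea's code: a minimal Go handler that validates each address up front, so the payload above is answered with a 4xx instead of reaching the storage layer and surfacing as a 500. The names `createEmailOption`, `invalidEmails`, `addEmails` and `statusFor`, the use of `net/mail` as the validator, and the choice of 422 as the status are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/http/httptest"
	"net/mail"
	"strings"
)

// createEmailOption mirrors the request body in the issue (hypothetical name).
type createEmailOption struct{ Emails []string `json:"emails"` }

// invalidEmails returns every entry that is not a bare addr-spec (user@host).
func invalidEmails(in []string) (bad []string) {
	for _, e := range in {
		a, err := mail.ParseAddress(e)
		if err != nil || a.Address != e { // also rejects "Name <user@host>"
			bad = append(bad, e)
		}
	}
	return bad
}

// addEmails rejects malformed input with a 4xx before any storage call runs.
func addEmails(w http.ResponseWriter, r *http.Request) {
	var opt createEmailOption
	if err := json.NewDecoder(http.MaxBytesReader(w, r.Body, 1<<16)).Decode(&opt); err != nil {
		http.Error(w, "malformed JSON body", http.StatusBadRequest)
		return
	}
	if bad := invalidEmails(opt.Emails); len(opt.Emails) == 0 || len(bad) > 0 {
		http.Error(w, fmt.Sprintf("invalid email address: %q", bad), http.StatusUnprocessableEntity)
		return
	}
	w.WriteHeader(http.StatusCreated) // storage layer omitted in this sketch
}

// statusFor drives the handler in-process with the given JSON body.
func statusFor(body string) int {
	rec := httptest.NewRecorder()
	addEmails(rec, httptest.NewRequest(http.MethodPost, "/v1/user/emails", strings.NewReader(body)))
	return rec.Code
}

// main sends the issue's payload, then a constructed valid one: prints "422 201".
func main() {
	fmt.Println(statusFor(`{"emails":["yCUjse4J","yCUjse4J"],"catsFuzzyField":"catsFuzzyField"}`), statusFor(`{"emails":["user@example.com"]}`))
}
```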