A security issue was reported in cgit, with an upstream response here:
It says to expect a patch tomorrow.
Fixed in Cauldron in cgit 1.2.1-4
Packages for Mga6:
the fixed package is also installed on Mageia gitweb host