CVE-2021-29134

CVE-2021-29134

EPSS 1.3%

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/go-gitea/gitea/pull/15125/files https://github.com/go-gitea/gitea/releases/tag/v1.13.6