CVE-2021-29134

MEDIUM5.3EPSS 0.22%

Path Traversal in Gitea in code.gitea.io/gitea

Published: 3/16/2022Modified: 4/3/2025

Also known as:GHSA-h3q4-vmw4-cpr5BIT-gitea-2021-29134GO-2022-0353

Description

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N