CVE-2021-29134 — Path Traversal in Gitea

Severity

5.3MEDIUMNVD

EPSS

0.3%

top 43.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Timeline

PublishedMar 15

Latest updateAug 21

Description

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

▶NVDgitea/gitea< 1.13.6

OSV

Path Traversal in Gitea in code.gitea.io/gitea↗2024-08-21

▶

GHSA

Path Traversal in Gitea↗2022-03-16

▶

OSV

Path Traversal in Gitea↗2022-03-16

▶