First published: Tue Mar 15 2022(Updated: )
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gitea Gitea | <1.13.6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vulnerability is CVE-2021-29134.
The severity of CVE-2021-29134 is medium.
CVE-2021-29134 affects Gitea versions up to and including 1.13.6.
The CWE for CVE-2021-29134 is CWE-22.
To fix CVE-2021-29134, update Gitea to version 1.13.6 or later.