CVE-2021-29134

Name

CVE-2021-29134

Description

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

Exploits

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://github.com/go-gitea/gitea/releases/tag/v1.13.6
MISC	https://github.com/go-gitea/gitea/releases
MISC	https://github.com/go-gitea/gitea/pull/15125/files

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:gitea:gitea::::::::`	gitea	>= None	< 1.13.6

Source package	Branch	Version	Maintainer	Status
gitea	edge-community	1.13.6-r0	None	fixed
gitea	edge-community	1.13.6	None	fixed
gitea	3.22-community	1.13.6-r0	None	fixed
gitea	3.21-community	1.13.6-r0	None	fixed
gitea	3.20-community	1.13.6-r0	None	fixed
gitea	3.19-community	1.13.6-r0	None	fixed
gitea	3.18-community	1.13.6-r0	None	fixed
gitea	3.17-community	1.13.6-r0	None	fixed