CVE-2021-29134

The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt