Gitea is an open source community-driven clone of Gogs, a popular Git self-hosting service. a directory traversal vulnerability exists on Gitea that could be exploited to allow an attacker to make the avatar middleware in Gitea allow directory traversal via crafted URLs.