5 matches found
PT-2026-55594
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.25.5 Description Improper path resolution occurs during the generation of template repositories. This allows template processing to read or write data through symlinks or other non-regular paths, potentially leading t...
CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...
PT-2025-53429
Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 13.0.2 Forgejo version 11.0.7 and later Description The software contains a flaw related to the handling of symlinks within template repositories. This mishandling could allow attackers to write to unintended files,...