Post B1dy6J8TqeSlG8bJJ2 by cR0w@infosec.exchange
 (DIR) More posts by cR0w@infosec.exchange
 (DIR) Post #B1dy6J8TqeSlG8bJJ2 by cR0w@infosec.exchange
       2025-12-26T14:49:14Z
       
       1 likes, 0 repeats
       
       Forgejo whoopsie.https://www.cve.org/CVERecord?id=CVE-2025-68937Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.