Forgejo 11.0.0-11.0.6 and 12.0.0-13.0.1 - Arbitrary File Write via Template Repository Symlink Handling
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.