
CVE-2021-21244

CVSS Severity Score: 10.0 (CRITICAL)
EPSS Score: 0.0200%
EPSS Percentile: 27.04th
Published: January 15, 2021
Last Modified: November 21, 2024

Vulnerability Description

OneDev is an all-in-one DevOps platform. In OneDev before version 4.0.3, there is a vulnerability that enabled pre-auth server-side template injection via Bean Validation message tampering. Full details are in the referenced GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.

Affected Platforms (CPE)

Vendor: Onedev Project
Product: Onedev
Affected versions: < 4.0.3

References & Advisories
