CVE-2021-21244
Published
CVSS v3
10
CRITICAL
CVSS v2
7.5
HIGH
Affected
1
PROJECT
Description
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.
Git Server with CI/CD, Kanban, and Packages. Seamless integration. Unparalleled experience.
GitHub