3 matches found
CVE-2021-21244
creationtimestamp| type| source ---|---|--- 2021-01-15 22:51:09+00:00| seen| https://t.me/cibsecurity/22219...
CVE-2021-21244
CVE-2021-21244 affects OneDev before version 4.0.3. A pre-auth server-side template injection occurs via tampering with Bean validation messages, enabling SSTI. The root cause is failure in validation message handling that allows interpolation to be exploited. The issue was fixed in 4.0.3 by disa...
CVE-2021-21244 Pre-Auth SSTI via Bean validation message tampering
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation...