2 matches found
CVE-2021-21247
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, the application's BasePage registers an AJAX event listener AbstractPostAjaxBehavior in all pages other than the login page. This listener decodes and deserializes the data query parameter. We can access this listener by...
CVE-2021-21247
OneDev before 4.0.3 embeds an AJAX event listener (AbstractPostAjaxBehavior) on all pages except login, which decodes/deserializes the data parameter via POST. This authenticated vulnerability can be triggered by a logged-in user and may lead to post-auth RCE. The issue is mitigated in version 4....