CVE-2021-21248
CVE-2021-21248 affects OneDev before 4.0.3. The vulnerability lies in the build endpoint parameters via InputSpec, which uses dynamically generated Groovy classes; an attacker who controls job parameters can inject Groovy code, leading to arbitrary code execution through a static constructor on t...