CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

EUVD-2021-18739

Malware in sbrugna...

BIT-REDMINE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

DEBIAN-CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

Authentication flaw

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

UBUNTU-CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

CVE-2021-31864

CVE-2021-31864 affects Redmine: upstream versions pre-4.0.9, pre-4.1.3 (4.1.x), and pre-4.2.1 (4.2.x) are vulnerable to an access-restriction bypass via the incoming mail handler, allowing bypass of add_issue_notes permissions. Public sources confirm the issue and list affected releases; Debian L...

CVE-2021-31864

Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows attackers to bypass the addissuenotes permission requirement by leveraging the incoming mail handler...

Redmine 安全特征问题漏洞

Redmine is a set of open source Web-based project management and defect tracking tools . The product provides project management , issue tracking and role-based access control and other features . A security feature issue vulnerability exists in Redmine versions prior to 4.0.9, 4.1.x series...

Processing malformed PNG by incoming mail handler causes OOM and blocks queue

There are two problems: 1. OOM 2. Incoming email processing is blocked Looks like this is similar problem to JRA-35816, fixed in atlassian-core, but mail handler does not use atlassian-core. It affects production OnDemand, all instances. codejava.lang.OutOfMemoryError: Java heap space Dumping hea...