5 matches found
CVE-2021-31866
Redmine before 4.0.9 and 4.1.x before 4.1.3 allows an attacker to learn the values of internal authentication keys by observing timing differences in string comparison operations within SysController and MailHandlerController...
EUVD-2017-7022
Malware in sbrugna...
EUVD-2017-7024
Malware in sbrugna...
EUVD-2021-15911
Malware in sbrugna...
Code injection
In Redmine before 3.2.8, 3.3.x before 3.3.5, and 3.4.x before 3.4.3, XSS exists in app/helpers/querieshelper.rb via a multi-value field with a crafted value that is mishandled during rendering of an issue list...