CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21242

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which can lead to pre-auth remote code execution. AttachmentUploadServlet deserializes untrusted data from the `Attachment-Support` header. This Servlet does not enforce any authentication or authorization checks. This issue may lead to pre-auth remote code execution. This issue was fixed in 4.0.3 by removing AttachmentUploadServlet and not using deserialization

Exploit prediction scoring system (EPSS) score

EPSS Score 0.404

EPSS Ranking 97.2%

CVSS Severity

CVSS v3 Score 10.0

CVSS v2 Score 7.5

References

Products affected by CVE-2021-21242

Onedev Project » Onedev » Version: 2.0.0

cpe:2.3:a:onedev_project:onedev:2.0.0
Onedev Project » Onedev » Version: 2.0.1

cpe:2.3:a:onedev_project:onedev:2.0.1
Onedev Project » Onedev » Version: 2.0.2

cpe:2.3:a:onedev_project:onedev:2.0.2
Onedev Project » Onedev » Version: 2.0.3

cpe:2.3:a:onedev_project:onedev:2.0.3
Onedev Project » Onedev » Version: 2.0.4

cpe:2.3:a:onedev_project:onedev:2.0.4
Onedev Project » Onedev » Version: 2.0.5

cpe:2.3:a:onedev_project:onedev:2.0.5
Onedev Project » Onedev » Version: 2.0.6

cpe:2.3:a:onedev_project:onedev:2.0.6
Onedev Project » Onedev » Version: 2.0.7

cpe:2.3:a:onedev_project:onedev:2.0.7
Onedev Project » Onedev » Version: 2.0.8

cpe:2.3:a:onedev_project:onedev:2.0.8
Onedev Project » Onedev » Version: 3.0.10

cpe:2.3:a:onedev_project:onedev:3.0.10
Onedev Project » Onedev » Version: 3.0.11

cpe:2.3:a:onedev_project:onedev:3.0.11
Onedev Project » Onedev » Version: 3.0.12

cpe:2.3:a:onedev_project:onedev:3.0.12
Onedev Project » Onedev » Version: 3.0.13

cpe:2.3:a:onedev_project:onedev:3.0.13
Onedev Project » Onedev » Version: 3.0.14

cpe:2.3:a:onedev_project:onedev:3.0.14
Onedev Project » Onedev » Version: 3.0.4

cpe:2.3:a:onedev_project:onedev:3.0.4
Onedev Project » Onedev » Version: 3.0.5

cpe:2.3:a:onedev_project:onedev:3.0.5
Onedev Project » Onedev » Version: 3.0.6

cpe:2.3:a:onedev_project:onedev:3.0.6
Onedev Project » Onedev » Version: 3.0.7

cpe:2.3:a:onedev_project:onedev:3.0.7
Onedev Project » Onedev » Version: 3.0.8

cpe:2.3:a:onedev_project:onedev:3.0.8
Onedev Project » Onedev » Version: 3.0.9

cpe:2.3:a:onedev_project:onedev:3.0.9
Onedev Project » Onedev » Version: 3.1.0

cpe:2.3:a:onedev_project:onedev:3.1.0
Onedev Project » Onedev » Version: 3.1.1

cpe:2.3:a:onedev_project:onedev:3.1.1
Onedev Project » Onedev » Version: 3.1.2

cpe:2.3:a:onedev_project:onedev:3.1.2
Onedev Project » Onedev » Version: 3.2.0

cpe:2.3:a:onedev_project:onedev:3.2.0
Onedev Project » Onedev » Version: 3.2.1

cpe:2.3:a:onedev_project:onedev:3.2.1
Onedev Project » Onedev » Version: 3.2.2

cpe:2.3:a:onedev_project:onedev:3.2.2
Onedev Project » Onedev » Version: 3.2.3

cpe:2.3:a:onedev_project:onedev:3.2.3
Onedev Project » Onedev » Version: 3.2.4

cpe:2.3:a:onedev_project:onedev:3.2.4
Onedev Project » Onedev » Version: 3.2.5

cpe:2.3:a:onedev_project:onedev:3.2.5
Onedev Project » Onedev » Version: 3.2.6

cpe:2.3:a:onedev_project:onedev:3.2.6
Onedev Project » Onedev » Version: 3.2.7

cpe:2.3:a:onedev_project:onedev:3.2.7
Onedev Project » Onedev » Version: 3.2.8

cpe:2.3:a:onedev_project:onedev:3.2.8
Onedev Project » Onedev » Version: 3.2.9

cpe:2.3:a:onedev_project:onedev:3.2.9
Onedev Project » Onedev » Version: 4.0.0

cpe:2.3:a:onedev_project:onedev:4.0.0
Onedev Project » Onedev » Version: 4.0.1

cpe:2.3:a:onedev_project:onedev:4.0.1
Onedev Project » Onedev » Version: 4.0.2

cpe:2.3:a:onedev_project:onedev:4.0.2

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2021-21242

Products

Pricing

Contact Us