Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2021-21244

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 58.1%
CVSS Severity
CVSS v3 Score 10.0
CVSS v2 Score 7.5
Products affected by CVE-2021-21244


Contact Us

Shodan ® - All rights reserved