Vulnerability Description
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Onedev Project | Onedev | < 4.0.3 |
Related Weaknesses (CWE)
References
- https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dPatchThird Party Advisory
- https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9Third Party Advisory
- https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dPatchThird Party Advisory
- https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9Third Party Advisory
FAQ
What is CVE-2021-21245?
CVE-2021-21245 is a vulnerability with a CVSS score of 10.0 (CRITICAL). OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.get...
How severe is CVE-2021-21245?
CVE-2021-21245 has been rated CRITICAL with a CVSS base score of 10.0/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2021-21245?
Check the references section above for vendor advisories and patch information. Affected products include: Onedev Project Onedev.