CVE-2021-21245

Published: Jan 15, 2021Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, AttachmentUploadServlet also saves user controlled data (`request.getInputStream()`) to a user specified location (`request.getHeader("File-Name")`). This issue may lead to arbitrary file upload which can be used to upload a WebShell to OneDev server. This issue is addressed in 4.0.3 by only allowing uploaded file to be in attachments folder. The webshell issue is not possible as OneDev never executes files in attachments folder.

Affected (1)

Products: Onedev Project: Onedev

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Onedev Project Onedev	Before 4.0.3

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (4)

https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9

Source: security-advisories@github.com

Third Party Advisory

https://github.com/theonedev/onedev/commit/0c060153fb97c0288a1917efdb17cc426934dacb

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/theonedev/onedev/security/advisories/GHSA-62m2-38q5-96w9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.