{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T23:51:29.304","vulnerabilities":[{"cve":{"id":"CVE-2021-21244","sourceIdentifier":"security-advisories@github.com","published":"2021-01-15T20:15:12.097","lastModified":"2024-11-21T05:47:51.130","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, There is a vulnerability that enabled pre-auth server side template injection via Bean validation message tampering. Full details in the reference GHSA. This issue was fixed in 4.0.3 by disabling validation interpolation completely."},{"lang":"es","value":"OneDev es una plataforma devops todo en uno. En OneDev versiones anteriores a  4.0.3. Se presenta una vulnerabilidad que habilita una inyección de plantilla del lado del servidor previa a la autenticación por medio de la manipulación del mensaje de comprobación de Bean. Detalles completos en la referencia GHSA. Este problema se corrigió en la versión 4.0.3 al deshabilitar la interpolación de comprobación por completo"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","baseScore":10.0,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":9.8,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":3.9,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","baseScore":7.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"HIGH","exploitabilityScore":10.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-94"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:onedev_project:onedev:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.3","matchCriteriaId":"5287F01C-3A77-4491-AB49-401A50FAA6E9"}]}]}],"references":[{"url":"https://github.com/theonedev/onedev/commit/4f5dc6fb9e50f2c41c4929b0d8c5824b2cca3d65","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-vm26-xg39-cfj4","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/commit/4f5dc6fb9e50f2c41c4929b0d8c5824b2cca3d65","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-vm26-xg39-cfj4","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}