{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-13T00:10:33.459","vulnerabilities":[{"cve":{"id":"CVE-2021-21249","sourceIdentifier":"security-advisories@github.com","published":"2021-01-15T21:15:13.740","lastModified":"2024-11-21T05:47:51.713","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is an issue involving YAML parsing which can lead to post-auth remote code execution. In order to parse and process YAML files, OneDev uses SnakeYaml which by default (when not using `SafeConstructor`) allows the instantiation of arbitrary classes. We can leverage that to run arbitrary code by instantiating classes such as `javax.script.ScriptEngineManager` and using `URLClassLoader` to load the script engine provider, resulting in the instantiation of a user controlled class. For a full example refer to the referenced GHSA. This issue was addressed in 4.0.3 by only allowing certain known classes to be deserialized"},{"lang":"es","value":"OneDev es una plataforma devops todo en uno. En OneDev versiones anteriores a 4.0.3, Se presenta un problema relacionado con el análisis de YAML que puede conllevar a una ejecución de código remota  posterior a la autenticación. Para analizar y procesar archivos YAML, OneDev usa SnakeYaml que por defecto (cuando no usa \"SafeConstructor\") permite la instanciación de clases arbitrarias. Podemos aprovechar eso para ejecutar código arbitrario creando instancias de clases como \"javax.script.ScriptEngineManager\" y usando \"URLClassLoader\" para cargar el proveedor del motor de script, resultando en la instanciación de una clase controlada por el usuario. Para obtener un ejemplo completo, consulte la GHSA referenciada. Este problema fue abordado en la versión 4.0.3, al permitir que determinadas clases conocidas sean deserializadas"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N","baseScore":9.6,"baseSeverity":"CRITICAL","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"NONE"},"exploitabilityScore":3.1,"impactScore":5.8},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:S/C:P/I:P/A:P","baseScore":6.5,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"SINGLE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.0,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-74"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-502"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:onedev_project:onedev:*:*:*:*:*:*:*:*","versionEndExcluding":"4.0.3","matchCriteriaId":"5287F01C-3A77-4491-AB49-401A50FAA6E9"}]}]}],"references":[{"url":"https://github.com/theonedev/onedev/commit/d6fc4212b1ac1e9bbe3ce444e95f9af1e3ab8b66","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-7xhq-m2q9-6hpm","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/commit/d6fc4212b1ac1e9bbe3ce444e95f9af1e3ab8b66","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/theonedev/onedev/security/advisories/GHSA-7xhq-m2q9-6hpm","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}