📦 OneDev

by OneDev Project



⚠️ Known Vulnerabilities

CVE-2021-21242

CRITICAL CVSS 10.0 Jan 15, 2021

CVE-2021-21242 is a critical pre-authentication remote code execution vulnerability in the OneDev DevOps platform. Attackers can exploit insecure deserialization in AttachmentUploadServlet to execute arbi...

CVE-2021-21247

CRITICAL CVSS 9.6 Jan 15, 2021

This vulnerability allows authenticated attackers to achieve remote code execution on OneDev DevOps platforms by exploiting insecure deserialization in AJAX event listeners. It affects all OneDev inst...

CVE-2021-21249

CRITICAL CVSS 9.6 Jan 15, 2021

CVE-2021-21249 is a post-authentication remote code execution vulnerability in the OneDev DevOps platform. It allows authenticated attackers to execute arbitrary code on the server by exploiting insecure ...

CVE-2021-21243

CRITICAL CVSS 10.0 Jan 15, 2021

This vulnerability in OneDev allows unauthenticated remote code execution via insecure deserialization in Kubernetes REST endpoints. Attackers can exploit this to execute arbitrary code on affected sy...

CVE-2023-24828

HIGH CVSS 8.1 Feb 8, 2023

CVE-2023-24828 is a cryptographic weakness in OneDev's access token and password reset key generation algorithm that allows normal users to predict or brute-force administrative credentials. This affe...