Vulnerabilities in theonedev
23 results

CVE-2021-21242 | CRITICAL | Pre-Auth Unsafe Deserialization on AttachmentUploadServet | EPSS 74.2%
CVE-2021-21243 | CRITICAL | Pre-Auth Unsafe Deserialization on KubernetesResource | EPSS 54.5%
CVE-2021-21246 | HIGH | Pre-Auth Access token leak | EPSS 49.3%
CVE-2024-45309 | HIGH | OneDev vulnerable to arbitrary file reading for unauthenticated user | EPSS 24.8%
CVE-2021-21251 | HIGH | ZipSlip Arbitrary File Upload | EPSS 12.2%
CVE-2021-21249 | CRITICAL | Post-Auth Unsafe Yaml deserialization | EPSS 2.9%
CVE-2022-39205 | CRITICAL | Access Control Bypass in Onedev | EPSS 1.7%
CVE-2022-39206 | CRITICAL | CI/CD Docker Escape in OneDev | EPSS 1.6%
CVE-2021-21247 | CRITICAL | Post-Auth Unsafe Deserialization on BasePage (AJAX) | EPSS 1.5%
CVE-2021-21244 | CRITICAL | Pre-Auth SSTI via Bean validation message tampering | EPSS 1.5%
CVE-2021-21248 | CRITICAL | Post-Auth Arbitrary Code execution via Groovy script injection | EPSS 1.5%
CVE-2022-39208 | HIGH | Git Repository Disclosure in Onedev | EPSS 1.4%
CVE-2021-21245 | CRITICAL | Pre-Auth Arbitrary File Upload | EPSS 1.2%
CVE-2021-32651 | LOW | LDAP injection via OneDev may leak some LDAP directory information | EPSS 1.1%
CVE-2021-21250 | HIGH | Post-Auth External Entity Expansion (XXE) | EPSS 0.9%
CVE-2023-24828 | HIGH | Use of Cryptographically Weak Pseudo-Random Number Generator in Onedev | EPSS 0.7%
CVE-2022-39207 | MEDIUM | Persistent XSS in OneDev | EPSS 0.7%
CVE-2026-49248 | HIGH | OneDev: RCE through absolute-path symlink following allows low-privileged users to overwrite arbitrary server via TarUtils.untar | EPSS 0.4%
CVE-2026-44647 | HIGH | OneDev: Path Traversal (read capability via Git LFS pointer resolution) | EPSS 0.3%
CVE-2026-11438 | MEDIUM | theonedev projects improper authorization | EPSS 0.2%