CVE-2021-31863 log

Source
Severity Critical
Remote Yes
Type Arbitrary filesystem access
Description
Insufficient input validation in the Git repository integration of Redmine before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
Group Package Affected Fixed Severity Status Ticket
AVG-1743 redmine 4.1.1-2 4.2.1-1 Critical Fixed FS#70203
References
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/35085
https://github.com/redmine/redmine/commit/45461bfe51e9492d607f7204120f49ce3396a0cf