---

CVE-2021-31863 - log back

CVE-2021-31863 edited at 10 May 2021 20:07:35

Description

- Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process. + Insufficient input validation in the Git repository integration of Redmine before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.

CVE-2021-31863 edited at 28 Apr 2021 08:05:26
Severity	- Unknown + Critical
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary filesystem access
Description	+ Insufficient input validation in the Git repository integration of Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows Redmine users to read arbitrary local files accessible by the application server process.
References	+ https://www.redmine.org/projects/redmine/wiki/Security_Advisories + https://www.redmine.org/issues/35085 + https://github.com/redmine/redmine/commit/45461bfe51e9492d607f7204120f49ce3396a0cf
Notes

CVE-2021-31863 created at 28 Apr 2021 08:02:27