CVE-2021-31865 log

Source
Severity Medium
Remote Yes
Type Arbitrary file upload
Description
Redmine before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
Group Package Affected Fixed Severity Status Ticket
AVG-1743 redmine 4.1.1-2 4.2.1-1 Critical Fixed FS#70203
Date Advisory Group Package Severity Type
19 May 2021 ASA-202105-1 AVG-1743 redmine Critical multiple issues
References
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/34367
https://github.com/redmine/redmine/commit/56979912c9bb041aac3fc5b88bf8275b743b0e28