CVE-2021-31865 log

Source
Severity Medium
Remote Yes
Type Arbitrary file upload
Description
Redmine before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
Group Package Affected Fixed Severity Status Ticket
AVG-1743 redmine 4.1.1-2 4.2.1-1 Critical Fixed FS#70203
References
https://www.redmine.org/projects/redmine/wiki/Security_Advisories
https://www.redmine.org/issues/34367
https://github.com/redmine/redmine/commit/56979912c9bb041aac3fc5b88bf8275b743b0e28