CVE-2021-31865 - log back

CVE-2021-31865 edited at 10 May 2021 20:07:54
Description
- Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
+ Redmine before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
CVE-2021-31865 edited at 28 Apr 2021 08:08:50
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Arbitrary file upload
Description
+ Redmine before 4.0.9, 4.1.x before 4.1.3, and 4.2.x before 4.2.1 allows users to circumvent the allowed filename extensions of uploaded attachments.
References
+ https://www.redmine.org/projects/redmine/wiki/Security_Advisories
+ https://www.redmine.org/issues/34367
+ https://github.com/redmine/redmine/commit/56979912c9bb041aac3fc5b88bf8275b743b0e28
Notes
CVE-2021-31865 created at 28 Apr 2021 08:02:27