CVE-2021-21250— Post-Auth External Entity Expansion (XXE)
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-21250
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Post-Auth External Entity Expansion (XXE)
Source: NVD (National Vulnerability Database)
Vulnerability Description
OneDev is an all-in-one devops platform. In OneDev before version 4.0.3, there is a critical vulnerability which may lead to arbitrary file read. When BuildSpec is provided in XML format, the spec is processed by XmlBuildSpecMigrator.migrate(buildSpecString); which processes the XML document without preventing the expansion of external entities. These entities can be configured to read arbitrary files from the file system and dump their contents in the final XML document to be migrated. If the files are dumped in properties included in the YAML file, it will be possible for an attacker to read them. If not, it is possible for an attacker to exfiltrate the contents of these files Out Of Band. This issue was addressed in 4.0.3 by ignoring ENTITY instructions in xml file.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件和路径信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
Theonedev Onedev 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Theonedev Onedev是Theonedev团队的一个基于JAVA的多合一DevOps平台。该平台支持容器构建、编排、CI、Git管理、团队协作等功能,帮助开发者构建一个简单、功能强大的开发平台。 OneDev before version 4.0.3 存在安全漏洞,攻击者可利用该漏洞从文件系统中读取任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
II. Public POCs for CVE-2021-21250
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-21250
请登录查看更多情报信息。
- https://github.com/theonedev/onedev/security/advisories/GHSA-9pph-8gfc-6w2rx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2021-21250
Same Patch Batch · theonedev · 2021-01-15 · 10 CVEs total
| CVE-2021-21242 | 10.0 CRITICAL | Pre-Auth Unsafe Deserialization on AttachmentUploadServet |
| CVE-2021-21243 | 10.0 CRITICAL | Pre-Auth Unsafe Deserialization on KubernetesResource |
| CVE-2021-21244 | 10.0 CRITICAL | Pre-Auth SSTI via Bean validation message tampering |
| CVE-2021-21245 | 10.0 CRITICAL | Pre-Auth Arbitrary File Upload |
| CVE-2021-21247 | 9.6 CRITICAL | Post-Auth Unsafe Deserialization on BasePage (AJAX) |
| CVE-2021-21248 | 9.6 CRITICAL | Post-Auth Arbitrary Code execution via Groovy script injection |
| CVE-2021-21249 | 9.6 CRITICAL | Post-Auth Unsafe Yaml deserialization |
| CVE-2021-21246 | 8.6 HIGH | Pre-Auth Access token leak |
| CVE-2021-21251 | 7.7 HIGH | ZipSlip Arbitrary File Upload |
IV. Related Vulnerabilities
Same vendor: theonedev
Same weakness: CWE-538
- CVE-2023-54346
WordPress Plugin Backup Migration 1.2.8 Unauthenticated Data - CVE-2026-7071
CodeAstro Online Job Portal user-cvs file information disclo - CVE-2026-6160
code-projects Simple ChatBox Endpoint chatbox.sql SimpleChat - CVE-2019-25706
Across DR-810 ROM-0 Unauthenticated File Disclosure - CVE-2026-33705
Chamilo LMS has unauthenticated access to Twig template sour
V. Comments for CVE-2021-21250
No comments yet