PT-2021-14354 · Onedev · Onedev

Pwntester · Published 2021-01-15 · Updated 2022-10-19 · CVE-2021-21244

CVSS v3.1: 10 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: OneDev versions prior to 4.0.3
Description: OneDev, an all-in-one DevOps platform, is affected by a pre-authentication server-side template injection reached through Bean Validation message tampering: attacker-controlled input ends up in a validation message that is then interpolated by the template engine. This was fixed in version 4.0.3 by disabling validation interpolation completely.
Recommendations: Update to version 4.0.3 or later, which resolves the issue by disabling validation interpolation. If the update cannot be applied immediately, disable validation interpolation completely as a temporary workaround.

Fix

Weakness Enumeration

Code Injection
Special Elements Injection

Related Identifiers

CVE-2021-21244
GHSA-VM26-XG39-CFJ4

Affected Products

Onedev