CVE-2019-25026

Name of the Vulnerable Software and Affected Versions Redmine versions 3.4.13 and earlier, 4.x versions prior to 4.0.6

Description The issue is related to incorrect handling of markup data during Textile formatting in the Redmine project management and task management server web application. This can allow a remote attacker to impact data integrity.

Recommendations For Redmine versions 3.4.13 and earlier, update to version 3.4.13 or later. For Redmine 4.x versions prior to 4.0.6, update to version 4.0.6 or later. As a temporary workaround, consider disabling Textile formatting until a patch is available.