VulnerableCode Package Details - pkg:deb/debian/redmine@0?distro=trixie

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3xup-fkaz-e7hu	A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.	CVE-2025-4011
VCID-pwfc-n1q7-b7e4	Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.	CVE-2021-37156
VCID-yjxe-atwc-6yec	Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.	CVE-2021-29274

Vulnerability

Summary

Aliases

VCID-3xup-fkaz-e7hu

A vulnerability has been found in Redmine 6.0.0/6.0.1/6.0.2/6.0.3 and classified as problematic. This vulnerability affects unknown code of the component Custom Query Handler. The manipulation of the argument Name leads to cross site scripting. The attack can be initiated remotely. Upgrading to version 6.0.4 is able to address this issue. It is recommended to upgrade the affected component.

CVE-2025-4011

VCID-pwfc-n1q7-b7e4

Redmine 4.2.0 and 4.2.1 allow existing user sessions to continue upon enabling two-factor authentication for the user's account, but the intended behavior is for those sessions to be terminated.

CVE-2021-37156

VCID-yjxe-atwc-6yec

Redmine 4.1.x before 4.1.2 allows XSS because an issue's subject is mishandled in the auto complete tip.

CVE-2021-29274

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-04-16T11:06:47.131071+00:00	Debian Importer	Fixing	VCID-yjxe-atwc-6yec	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T11:02:54.862393+00:00	Debian Importer	Fixing	VCID-pwfc-n1q7-b7e4	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-16T09:08:04.759239+00:00	Debian Importer	Fixing	VCID-3xup-fkaz-e7hu	https://security-tracker.debian.org/tracker/data/json	38.4.0
2026-04-13T07:32:56.598795+00:00	Debian Importer	Fixing	VCID-yjxe-atwc-6yec	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-13T07:30:05.602679+00:00	Debian Importer	Fixing	VCID-pwfc-n1q7-b7e4	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-11T18:07:03.605225+00:00	Debian Importer	Fixing	VCID-3xup-fkaz-e7hu	https://security-tracker.debian.org/tracker/data/json	38.3.0
2026-04-03T07:51:58.680664+00:00	Debian Importer	Fixing	VCID-3xup-fkaz-e7hu	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:58.361814+00:00	Debian Importer	Fixing	VCID-pwfc-n1q7-b7e4	https://security-tracker.debian.org/tracker/data/json	38.1.0
2026-04-03T07:51:58.085063+00:00	Debian Importer	Fixing	VCID-yjxe-atwc-6yec	https://security-tracker.debian.org/tracker/data/json	38.1.0