The OneDev self-hosted Git server has several high-impact vulnerabilities: a Server-Side Request Forgery (SSRF) vulnerability, an Access Control Bypass leading to Remote Code Execution (CVE-2022-39205), a Docker Escape (CVE-2022-39206), and Persistent Cross-Site Scripting (CVE-2022-39207). Attackers can combine these vulnerabilities to execute arbitrary commands on vulnerable instances, allowing them to steal or manipulate source code and build artifacts, and to launch further attacks against internal infrastructure. The maintainers of OneDev have fixed the issues in version 7.3.0, and users are advised to update to this version to benefit from the fixes. The vulnerabilities highlight the importance of validating user-controlled inputs and ensuring that authentication mechanisms are properly implemented to prevent such attacks.