First published: Thu Apr 05 2018(Updated: )
GitLab Community and Enterprise Editions version 8.4 up to 10.4 are vulnerable to XSS because a lack of input validation in the merge request component leads to cross site scripting (specifically, filenames in changes tabs of merge requests). This is fixed in 10.6.3, 10.5.7, and 10.4.7.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab GitLab | >=8.4<10.4.7 | |
GitLab GitLab | >=8.4<10.4.7 | |
GitLab GitLab | >=10.5.0<10.5.7 | |
GitLab GitLab | >=10.5.0<10.5.7 | |
GitLab GitLab | >=10.6.0<10.6.3 | |
GitLab GitLab | >=10.6.0<10.6.3 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.