CVE-2021-39910: XSS
First published: Mon Dec 13 2021(Updated: )
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.6 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab was vulnerable to HTML Injection through the Swagger UI feature.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=12.6.0<14.3.6 | |
| GitLab | >=12.6.0<14.3.6 | |
| GitLab | >=14.4.0<14.4.4 | |
| GitLab | >=14.4.0<14.4.4 | |
| GitLab | >=14.5.0<14.5.2 | |
| GitLab | >=14.5.0<14.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2021-39910?
CVE-2021-39910 is considered a medium severity vulnerability due to the potential for HTML injection.
How do I fix CVE-2021-39910?
The fix for CVE-2021-39910 involves upgrading GitLab to version 14.3.6 or later, 14.4.4 or later, or 14.5.2 or later.
What versions of GitLab are affected by CVE-2021-39910?
CVE-2021-39910 affects GitLab CE/EE versions starting from 12.6 and before 14.3.6, from 14.4 and before 14.4.4, and from 14.5 and before 14.5.2.
Can CVE-2021-39910 be exploited by external attackers?
Yes, CVE-2021-39910 can potentially be exploited by external attackers through the Swagger UI feature.
Is there a patch for CVE-2021-39910?
Yes, a patch is included in the newer versions of GitLab released after the identified vulnerable versions.
- agent/type
- agent/references
- agent/weakness
- agent/author
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/12.6.0
- version/gitlab/14.4.0
- version/gitlab/14.5.0