AVG-1822 log

Package gitlab
Status Fixed
Severity Critical
Type multiple issues
Affected 13.10.2-1
Fixed 13.10.3-1
Current 17.7.0-1 [extra]
Ticket None
Created Wed Apr 14 13:58:40 2021
Issue Severity Remote Type Description
CVE-2021-28965 Critical Yes Incorrect calculation
When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is...
CVE-2021-22205 Critical Yes Arbitrary code execution
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that is passed to a...
Date Advisory Package Type
29 Apr 2021 ASA-202104-1 gitlab multiple issues
References
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/