AVG-726

Package gitlab
Status Fixed
Severity Medium
Type multiple issues
Affected 11.0.0-1
Fixed 11.0.1-1
Current 16.11.0-1 [extra]
Ticket None
Created Wed Jun 27 07:52:29 2018
Issue Severity Remote Type Description
CVE-2018-12607 Medium Yes Cross-site scripting
The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVE-2018-12606 Medium Yes Cross-site scripting
The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2018-3740 Medium Yes Insufficient validation
A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.
Date Advisory Package Type
04 Jul 2018 ASA-201807-1 gitlab multiple issues
References
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/