AVG-726

| Package | gitlab |
| Status | Fixed |
| Severity | Medium |
| Type | multiple issues |
| Affected | 11.0.0-1 |
| Fixed | 11.0.1-1 |
| Current | 18.5.0-1 [extra] |
| Ticket | None |
| Created | Wed Jun 27 07:52:29 2018 |

| Issue | Severity | Remote | Type | Description |
|---|---|---|---|---|
| CVE-2018-12607 | Medium | Yes | Cross-site scripting | The charts feature contained a persistent XSS issue due to a lack of output encoding. |
| CVE-2018-12606 | Medium | Yes | Cross-site scripting | The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. |
| CVE-2018-3740 | Medium | Yes | Insufficient validation | A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |

| Date | Advisory | Package | Type |
|---|---|---|---|
| 04 Jul 2018 | ASA-201807-1 | gitlab | multiple issues |

| References |
|---|
| https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ |