AVG-726
Package | gitlab |
Status | Fixed |
Severity | Medium |
Type | multiple issues |
Affected | 11.0.0-1 |
Fixed | 11.0.1-1 |
Current | 17.6.1-1 [extra] |
Ticket | None |
Created | Wed Jun 27 07:52:29 2018 |
Issue | Severity | Remote | Type | Description |
---|---|---|---|---|
CVE-2018-12607 | Medium | Yes | Cross-site scripting | The charts feature contained a persistent XSS issue due to a lack of output encoding. |
CVE-2018-12606 | Medium | Yes | Cross-site scripting | The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature. |
CVE-2018-3740 | Medium | Yes | Insufficient validation | A specially crafted HTML fragment can cause Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element. |
Date | Advisory | Package | Type |
---|---|---|---|
04 Jul 2018 | ASA-201807-1 | gitlab | multiple issues |
References |
---|
https://about.gitlab.com/2018/06/25/security-release-gitlab-11-dot-0-dot-1-released/ |