Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2021-22185 - log back

CVE-2021-22185 edited at 05 Mar 2021 00:04:01

Severity

-	Unknown
+	Medium

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Cross-site scripting

Description

+	Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a specially-crafted commit to a wiki. The issue is fixed in GitLab versions 13.9.2, 13.8.5 and 13.7.8.

References

+	https://about.gitlab.com/releases/2021/03/04/security-release-gitlab-13-9-2-released/#stored-xss-in-wiki-pages

Notes

CVE-2021-22185 created at 05 Mar 2021 00:02:28