CVE-2021-22223 log

Severity Medium
Remote Yes
Type Cross-site scripting
Client-Side code injection through a Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag name to PUT requests on behalf of other users via clicking on a link.
Group Package Affected Fixed Severity Status Ticket
AVG-2125 gitlab 14.0.1-1 14.0.3-1 High Fixed
Date Advisory Group Package Severity Type
06 Jul 2021 ASA-202107-18 AVG-2125 gitlab High multiple issues