---

CVE-2021-22241 - log back

CVE-2021-22241 edited at 05 Aug 2021 22:36:48
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Cross-site scripting
Description	+ An issue has been discovered in GitLab affecting all versions starting from 13.4 and before 14.1.2. It was possible to exploit a stored cross-site-scripting via a specifically crafted default branch name.
References	+ https://about.gitlab.com/releases/2021/08/03/security-release-gitlab-14-1-2-released/#stored-xss-in-default-branch-name + https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22241.json + https://gitlab.com/gitlab-org/gitlab/-/issues/336460 + https://hackerone.com/reports/1256777

CVE-2021-22241 created at 05 Aug 2021 22:35:26
Severity	+ Unknown
Remote	+ Unknown
Type	+ Unknown
Description
References
Notes