CVE-2021-39885

Source
Severity High
Remote Yes
Type Cross-site scripting
Description
A stored cross-site scripting security issue in the merge request creation page in GitLab EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf via malicious approval rule names.
Group Package Affected Fixed Severity Status Ticket
AVG-2432 gitlab 14.3.0-1 High Not affected
References
https://about.gitlab.com/releases/2021/09/30/security-release-gitlab-14-3-1-released/#stored-xss-in-merge-request-creation-page
https://hackerone.com/reports/1342009
https://gitlab.com/gitlab-org/gitlab/-/issues/341140