CVE-2021-39904 - log back

CVE-2021-39904 edited at 28 Oct 2021 15:12:09
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ An Improper Access Control vulnerability in the GraphQL API in GitLab CE/EE since version 13.1 allows a Merge Request creator to resolve discussions and apply suggestions after a project owner has locked the Merge Request.
References
+ https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/
CVE-2021-39904 created at 28 Oct 2021 15:08:24