CVE-2022-2417 log

Severity Medium
Remote Yes
Type Unknown
gitlab allows an authenticated and authorised user to import a project that includes branch names which are 40 hexadecimal characters, which could be abused in supply chain attacks where a victim pinned to a specific Git commit of the project
Group Package Affected Fixed Severity Status Ticket
AVG-2785 gitlab 15.2.0-1 15.2.1-1 Medium Fixed