Log

AVG-2047 created at 08 Jun 2021 17:12:11
Packages
+ dotnet-runtime-3.1
+ dotnet-sdk-3.1
Issues
+ CVE-2021-31957
Status
+ Vulnerable
Severity
+ Medium
Affected
+ 3.1.15.sdk115-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
AVG-2046 edited at 08 Jun 2021 17:10:58
Severity
- Unknown
+ Medium
CVE-2021-31957 edited at 08 Jun 2021 17:10:58
Severity
- Unknown
+ Medium
Remote
- Unknown
+ Remote
Type
- Unknown
+ Denial of service
Description
+ A denial of service vulnerability exists in .NET 5.0 before Runtime 5.0.7 and SDK 5.0.204 as well as .NET Core 3.1 before Runtime 3.1.16 and SDK 3.1.116 in ASP.NET.
References
+ https://github.com/dotnet/announcements/issues/189
Notes
AVG-2046 created at 08 Jun 2021 17:07:37
Packages
+ dotnet-runtime
+ dotnet-sdk
Issues
+ CVE-2021-31957
Status
+ Vulnerable
Severity
+ Unknown
Affected
+ 5.0.6.sdk203-1
Fixed
Ticket
Advisory qualified
+ Yes
References
Notes
CVE-2021-31957 created at 08 Jun 2021 17:07:37
AVG-2045 created at 08 Jun 2021 17:02:09
Packages
+ gitlab
Issues
+ CVE-2021-22215
Status
+ Not affected
Severity
+ High
Affected
+ 13.11.3-1
Fixed
+ 13.12.2-1
Ticket
Advisory qualified
+ No
References
Notes
CVE-2021-22220 edited at 08 Jun 2021 17:01:33
Description
- An issue has been discovered in GitLab affecting all versions starting with 13.10. GitLab was vulnerable to a stored cross-site scripting (XSS) attack in blob viewer of notebooks.
+ An issue has been discovered in GitLab affecting all versions starting with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site scripting (XSS) attack in blob viewer of notebooks.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/294128
https://hackerone.com/reports/1060114
CVE-2021-22219 edited at 08 Jun 2021 17:01:21
Description
- GitLab CE/EE since version 9.5 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
+ GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege user to obtain sensitive information from log files because the sensitive information was not correctly registered for log masking.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/296995
CVE-2021-22218 edited at 08 Jun 2021 17:01:12
Description
- All versions of GitLab CE/EE starting with 12.8 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.
+ All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.
References
https://gitlab.com/gitlab-org/gitlab/-/issues/297665
https://hackerone.com/reports/1077019
CVE-2021-22217 edited at 08 Jun 2021 17:01:02
Description
- A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request.
+ A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a specially crafted issue or merge request.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/300709
https://hackerone.com/reports/1090049
CVE-2021-22216 edited at 08 Jun 2021 17:00:52
Description
- A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2, 13.11.5 or 13.10.5 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description.
+ A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a very long issue or merge request description.
References
https://about.gitlab.com/releases/2021/06/01/security-release-gitlab-13-12-2-released/
https://gitlab.com/gitlab-org/gitlab/-/issues/329890
AVG-2023 edited at 08 Jun 2021 17:00:39
Issues
CVE-2021-22181
CVE-2021-22213
CVE-2021-22214
- CVE-2021-22215
CVE-2021-22216
CVE-2021-22217
CVE-2021-22218
CVE-2021-22219
CVE-2021-22220
CVE-2021-22221