gitlab

Description: Project management and code hosting application
Version: 14.3.1-2 [community-testing], 14.3.1-1 [community]

Resolved

Group | Affected | Fixed | Severity | Status | Ticket
AVG-2432 | 14.3.0-1 | | High | Not affected |
AVG-2431 | 14.3.0-1 | 14.3.1-1 | High | Fixed |
AVG-2335 | 14.2.1-1 | 14.2.2-1 | Medium | Fixed |
AVG-2251 | 14.1.1-1 | 14.1.2-1 | High | Fixed |
AVG-2137 | 14.0.1-1 | 14.0.3-1 | Medium | Not affected |
AVG-2125 | 14.0.1-1 | 14.0.3-1 | High | Fixed |
AVG-2090 | 13.12.3-1 | 14.0.0-1 | Medium | Fixed |
AVG-2045 | 13.11.3-1 | 13.12.2-1 | High | Not affected |
AVG-2023 | 13.11.3-1 | 13.12.2-1 | High | Fixed |
AVG-1919 | 13.10.4-1 | | Medium | Not affected |
AVG-1888 | 13.10.3-2 | 13.10.4-1 | High | Fixed |
AVG-1822 | 13.10.2-1 | 13.10.3-1 | Critical | Fixed |
AVG-1770 | 13.9.4-1 | 13.10.1-1 | Critical | Fixed |
AVG-1710 | 13.9.3-1 | 13.9.4-1 | Critical | Fixed |
AVG-1648 | 13.9.1-1 | 13.9.2-1 | Medium | Fixed |
AVG-1522 | 13.8.1-1 | | Medium | Not affected |
AVG-1521 | 13.8.1-1 | 13.8.2-1 | Medium | Fixed |
AVG-1416 | 13.7.1-1 | 13.7.2-1 | High | Fixed |
AVG-1347 | 13.6.1-1 | 13.6.2-1 | Medium | Not affected |
AVG-1333 | 13.6.1-1 | 13.6.2-1 | Medium | Fixed |
AVG-802 | 11.4.0-1 | 11.4.3-2 | High | Not affected |
AVG-794 | 11.4.0-1 | 11.4.3-1 | Critical | Fixed |
AVG-726 | 11.0.0-1 | 11.0.1-1 | Medium | Fixed |
Issue | Group | Severity | Remote | Type (description on the following line)
CVE-2021-39900 | AVG-2431 | Low | Yes | Information disclosure
    Information disclosure from SendEntry in GitLab starting with 10.8 allowed exposure of full URL of artifacts stored in object-storage with a temporary...
CVE-2021-39899 | AVG-2431 | Low | No | Insufficient validation
    In all versions of GitLab CE/EE, an attacker with physical access to a user’s machine may brute force the user’s password via the change password function....
CVE-2021-39896 | AVG-2431 | Low | Yes | Content spoofing
    In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as...
CVE-2021-39894 | AVG-2431 | Medium | Yes | Cross-site request forgery
    In all versions of GitLab CE/EE since version 8.0, a DNS rebinding vulnerability exists in Fogbugz importer which may be used by attackers to exploit Server...
CVE-2021-39893 | AVG-2431 | Medium | Yes | Denial of service
    A potential denial of service vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.
CVE-2021-39892 | AVG-2431 | Medium | Yes | Information disclosure
    In all versions of GitLab CE/EE since version 12.0, a lower privileged user can import users from projects that they don't have a maintainer role on and...
CVE-2021-39891 | AVG-2431 | Medium | Yes | Information disclosure
    In all versions of GitLab CE/EE since version 8.0, access tokens created as part of admin's impersonation of a user are not cleared at the end of...
CVE-2021-39890 | AVG-2431 | Low | Yes | Access restriction bypass
    It was possible to bypass 2FA for LDAP users and access some specific pages with Basic Authentication in GitLab 14.1.1 and above.
CVE-2021-39889 | AVG-2432 | Medium | Yes | Information disclosure
    In all versions of GitLab EE since version 14.1, due to an insecure direct object reference vulnerability, an endpoint may reveal the protected branch name...
CVE-2021-39888 | AVG-2432 | Medium | Yes | Information disclosure
    In all versions of GitLab EE since version 13.10, a specific API endpoint may reveal details about a private group and other sensitive info inside issue and...
CVE-2021-39887 | AVG-2431 | High | Yes | Cross-site scripting
    A stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown in GitLab CE/EE version 8.4 and above allowed an attacker to execute arbitrary...
CVE-2021-39886 | AVG-2431 | Low | Yes | Information disclosure
    Permissions rules were not applied while issues were moved between projects of the same group in GitLab versions starting with 10.6 and up to 14.1.7,...
CVE-2021-39885 | AVG-2432 | High | Yes | Cross-site scripting
    A Stored cross-site scripting security issue in merge request creation page in GitLab EE version 13.5 and above allows an attacker to execute arbitrary...
CVE-2021-39884 | AVG-2432 | Medium | Yes | Information disclosure
    In all versions of GitLab EE since version 8.13, an endpoint discloses names of private groups that have access to a project to low privileged users that...
CVE-2021-39883 | AVG-2432 | Medium | Yes | Information disclosure
    Improper authorization checks in GitLab EE > 13.11 allows subgroup members to see epics from all parent subgroups.
CVE-2021-39882 | AVG-2431 | Medium | Yes | Information disclosure
    In all versions of GitLab CE/EE, provided a user ID, anonymous users can use a few endpoints to retrieve information about any GitLab user.
CVE-2021-39881 | AVG-2431 | Low | Yes | Content spoofing
    In all versions of GitLab CE/EE since version 7.7, the application may let a malicious user create an OAuth client application with arbitrary scope names...
CVE-2021-39879 | AVG-2431 | Low | No | Authentication bypass
    Missing authentication in all versions of GitLab CE/EE since version 7.11.0 allows an attacker with access to a victim's session to disable two-factor...
CVE-2021-39878 | AVG-2431 | Medium | Yes | Cross-site scripting
    A stored Reflected Cross-Site Scripting vulnerability in the Jira integration in GitLab version 13.0 up to 14.3.1 allowed an attacker to execute arbitrary...
CVE-2021-39877 | AVG-2431 | High | Yes | Denial of service
    A vulnerability was discovered in GitLab starting with version 12.2 that allows an attacker to cause uncontrolled resource consumption with a specially crafted file.
CVE-2021-39875 | AVG-2431 | Medium | Yes | Information disclosure
    In all versions of GitLab CE/EE since version 13.6, it is possible to see pending invitations of any public group or public project by visiting an API endpoint.
CVE-2021-39874 | AVG-2431 | Medium | Yes | Authentication bypass
    In all versions of GitLab CE/EE since version 11.0, the requirement to enforce 2FA is not honored when using git commands.
CVE-2021-39873 | AVG-2431 | Medium | Yes | Content spoofing
    In all versions of GitLab CE/EE, there exists a content spoofing vulnerability which may be leveraged by attackers to trick users into visiting a malicious...
CVE-2021-39872 | AVG-2431 | Medium | Yes | Access restriction bypass
    In all versions of GitLab CE/EE since version 14.1, an improper access control vulnerability allows users with expired password to still access GitLab...
CVE-2021-39871 | AVG-2431 | Medium | Yes | Access restriction bypass
    In all versions of GitLab CE/EE since version 13.0, an instance that has the setting to disable Bitbucket Server import enabled is bypassed by an attacker...
CVE-2021-39870 | AVG-2431 | Medium | Yes | Access restriction bypass
    In all versions of GitLab CE/EE since version 11.11, an instance that has the setting to disable Repo by URL import enabled is bypassed by an attacker...
CVE-2021-39869 | AVG-2431 | Medium | Yes | Information disclosure
    In all versions of GitLab CE/EE since version 8.9, project exports may expose trigger tokens configured on that project.
CVE-2021-39868 | AVG-2431 | Medium | Yes | Denial of service
    In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by...
CVE-2021-39867 | AVG-2431 | Medium | Yes | Cross-site request forgery
    In all versions of GitLab CE/EE since version 8.15, a DNS rebinding vulnerability in Gitea Importer may be exploited by an attacker to trigger Server Side...
CVE-2021-39866 | AVG-2431 | Medium | Yes | Access restriction bypass
    A business logic error in the project deletion process in GitLab 13.6 and later allows persistent access via project access tokens.
CVE-2021-31799 | AVG-2125 | Medium | Yes | Arbitrary command execution
    RDoc before version 6.3.1, as bundled with Ruby before version 2.7.4 and 2.6.8 as well as GitLab before version 14.0.2, used to call Kernel#open to open a...
CVE-2021-28965 | AVG-1822 | Critical | Yes | Incorrect calculation
    When parsing and serializing a crafted XML document, the REXML gem (including the one bundled with Ruby) can create a wrong XML document whose structure is...
CVE-2021-22904 | AVG-2090 | Low | Yes | Denial of service
    There is a possible denial of service (DoS) vulnerability in the Token Authentication logic in Action Controller before versions 6.1.3.2, 6.0.3.7, 5.2.4.6...
CVE-2021-22903 | AVG-1919 | Medium | Yes | Open redirect
    There is a possible Open Redirect Vulnerability in Action Pack 6.1 before version 6.1.3.2. Specially crafted Host headers in combination with certain...
CVE-2021-22902 | AVG-2090 | Low | Yes | Denial of service
    There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can...
CVE-2021-22885 | AVG-2090 | Medium | Yes | Information disclosure
    There is a possible information disclosure/unintended method execution vulnerability in Action Pack before versions 6.1.3.2, 6.0.3.7, 5.2.4.6 and 5.2.6 when...
CVE-2021-22259 | AVG-2432 | Medium | Yes | Denial of service
    A potential denial of service vulnerability was discovered in GitLab EE starting with version 12.6 due to lack of pagination in dependencies API.
CVE-2021-22258 | AVG-2335 | Medium | Yes | Information disclosure
    The project import/export feature in GitLab 8.9 and greater could be used to obtain otherwise private email addresses.
CVE-2021-22257 | AVG-2335 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.2.2. The route for /user.keys is not restricted on instances with...
CVE-2021-22241 | AVG-2251 | High | Yes | Cross-site scripting
    An issue has been discovered in GitLab affecting all versions starting from 13.4 and before 14.1.2. It was possible to exploit a stored cross-site-scripting...
CVE-2021-22239 | AVG-2251 | Medium | Yes | Access restriction bypass
    An unauthorized user was able to insert metadata when creating a new issue on GitLab 14.0 and later before version 14.1.2.
CVE-2021-22238 | AVG-2335 | Medium | Yes | Cross-site scripting
    An issue has been discovered in GitLab affecting all versions starting with 13.3. GitLab was vulnerable to a stored cross-site scripting (XSS) attack by...
CVE-2021-22237 | AVG-2251 | Medium | Yes | Access restriction bypass
    Under specialized conditions, GitLab may allow a user with an impersonation token to perform Git actions even if impersonation is disabled. This...
CVE-2021-22236 | AVG-2251 | Medium | Yes | Incorrect calculation
    Due to improper handling of OAuth client IDs, new subscriptions generated OAuth tokens on an incorrect OAuth client application. This vulnerability is...
CVE-2021-22233 | AVG-2137 | Medium | Yes | Information disclosure
    An information disclosure vulnerability in GitLab EE versions 13.10 and later before 14.0.2 allowed a user to read project details.
CVE-2021-22232 | AVG-2125 | Low | Yes | Content spoofing
    HTML injection was possible via the full name field before version 14.0.2 in GitLab CE.
CVE-2021-22231 | AVG-2125 | Low | Yes | Denial of service
    A denial of service on the user's profile page is found starting with GitLab CE/EE 8.0 and before 14.0.2 that allows an attacker to reject access to their...
CVE-2021-22230 | AVG-2125 | Medium | Yes | Arbitrary code execution
    Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later up...
CVE-2021-22229 | AVG-2125 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.8 and before 14.0.2. Under a special condition it was possible to...
CVE-2021-22228 | AVG-2125 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab affecting all versions before 14.0.2. Improper access control allows unauthorised users to access project details...
CVE-2021-22227 | AVG-2125 | Medium | Yes | Cross-site scripting
    A reflected cross-site script vulnerability in GitLab before version 14.0.2 allowed an attacker to send a malicious link to a victim and trigger actions on...
CVE-2021-22226 | AVG-2125 | Medium | Yes | Access restriction bypass
    Under certain conditions, some users were able to push to protected branches that were restricted to deploy keys in GitLab CE/EE since version 13.9 and...
CVE-2021-22225 | AVG-2125 | Medium | Yes | Cross-site scripting
    Insufficient input sanitization in markdown in GitLab version 13.11 and up before version 14.0.2 allows an attacker to exploit a stored cross-site scripting...
CVE-2021-22224 | AVG-2125 | High | Yes | Cross-site request forgery
    A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before version 14.0.2 allowed an attacker to call mutations...
CVE-2021-22223 | AVG-2125 | Medium | Yes | Cross-site scripting
    Client-Side code injection through a Feature Flag name in GitLab CE/EE starting with 11.9 and before version 14.0.2 allows a specially crafted feature flag...
CVE-2021-22221 | AVG-2023 | Medium | Yes | Authentication bypass
    An issue has been discovered in GitLab affecting all versions starting from 12.9.0 before 13.12.2. Insufficient expired password validation in various...
CVE-2021-22220 | AVG-2023 | Medium | Yes | Cross-site scripting
    An issue has been discovered in GitLab affecting all versions starting with 13.10 before 13.12.2. GitLab was vulnerable to a stored cross-site scripting...
CVE-2021-22219 | AVG-2023 | Medium | Yes | Information disclosure
    GitLab CE/EE since version 9.5 before 13.12.2 allows a high privilege user to obtain sensitive information from log files because the sensitive information...
CVE-2021-22218 | AVG-2023 | Low | Yes | Content spoofing
    All versions of GitLab CE/EE starting with 12.8 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof...
CVE-2021-22217 | AVG-2023 | Medium | Yes | Denial of service
    A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a...
CVE-2021-22216 | AVG-2023 | Medium | Yes | Denial of service
    A denial of service vulnerability in all versions of GitLab CE/EE before 13.12.2 allows an attacker to cause uncontrolled resource consumption with a very...
CVE-2021-22215 | AVG-2045 | High | Yes | Information disclosure
    An information disclosure vulnerability in GitLab EE versions 13.11 and later before 13.12.2 allowed a project owner to leak information about the members'...
CVE-2021-22214 | AVG-2023 | Medium | Yes | Access restriction bypass
    When requests to the internal network for webhooks are enabled, a server-side request forgery vulnerability in GitLab CE/EE affecting all versions starting...
CVE-2021-22213 | AVG-2023 | High | Yes | Information disclosure
    A cross-site leak vulnerability in the OAuth flow of all versions of GitLab CE/EE since 7.10 before 13.12.2 allowed an attacker to leak an OAuth access...
CVE-2021-22211 | AVG-1888 | Low | Yes | Access restriction bypass
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7. GitLab Dependency Proxy, under certain circumstances, can...
CVE-2021-22210 | AVG-1888 | Medium | Yes | Denial of service
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was...
CVE-2021-22209 | AVG-1888 | High | Yes | Insufficient validation
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.8. GitLab was not properly validating authorisation tokens which...
CVE-2021-22208 | AVG-1888 | Medium | Yes | Access restriction bypass
    An issue has been discovered in GitLab affecting versions prior to 13.5. Improper permission check could allow the change of timestamp for issue creation or...
CVE-2021-22206 | AVG-1888 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab affecting all versions prior to 11.6. Pull mirror credentials were exposed and could allow other maintainers to view...
CVE-2021-22205 | AVG-1822 | Critical | Yes | Arbitrary code execution
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that are passed to a...
CVE-2021-22203 | AVG-1770 | High | Yes | Arbitrary filesystem access
    An issue has been discovered in GitLab CE/EE affecting all versions starting with 13.7.9. A specially crafted Wiki page allowed attackers to read arbitrary...
CVE-2021-22202 | AVG-1770 | Low | Yes | Cross-site request forgery
    An issue has been discovered in GitLab CE/EE affecting all previous versions. If the victim is an admin, it was possible to issue a cross-site request...
CVE-2021-22201 | AVG-1770 | Critical | Yes | Directory traversal
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.9. A specially crafted import file could read files on the server. The...
CVE-2021-22200 | AVG-1770 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab CE/EE affecting all versions starting with 12.6. Under a special condition it was possible to access data of an...
CVE-2021-22199 | AVG-1770 | Low | Yes | Cross-site scripting
    An issue has been discovered in GitLab affecting all versions starting with 12.9. GitLab was vulnerable to a stored cross-site scripting (XSS) attack if...
CVE-2021-22198 | AVG-1770 | Medium | Yes | Access restriction bypass
    An issue has been discovered in GitLab CE/EE affecting all versions from 13.8 and above allowing an authenticated user to delete incident metric images of...
CVE-2021-22197 | AVG-1770 | Low | Yes | Denial of service
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 where an infinite loop exists when an authenticated user with specific...
CVE-2021-22196 | AVG-1770 | Medium | Yes | Cross-site scripting
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4. It was possible to exploit a stored cross-site scripting in merge...
CVE-2021-22192 | AVG-1710 | Critical | Yes | Arbitrary code execution
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code...
CVE-2021-22186 | AVG-1648 | Medium | Yes | Access restriction bypass
    An authorization issue in GitLab CE/EE version 9.4 and up allowed a group maintainer to modify group CI/CD variables which should be restricted to group...
CVE-2021-22185 | AVG-1648 | Medium | Yes | Cross-site scripting
    Insufficient input sanitization in wikis in GitLab version 13.8 and up allows an attacker to exploit a stored cross-site scripting vulnerability via a...
CVE-2021-22181 | AVG-2023 | High | Yes | Denial of service
    A denial of service vulnerability in GitLab CE/EE affecting all versions since 11.8 before 13.12.2 allows an attacker to create a recursive pipeline...
CVE-2021-22172 | AVG-1521 | Medium | Yes | Information disclosure
    Improper authorization in GitLab 12.8+ allows a guest user in a private project to view tag data that should be inaccessible on the releases page. The issue...
CVE-2021-22171 | AVG-1416 | High | Yes | Authentication bypass
    Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ would allow stealing a user's API access token. The issue is mitigated...
CVE-2021-22169 | AVG-1522 | Medium | Yes | Information disclosure
    An issue was identified in GitLab EE 13.4 or later which could disclose internal IP address via error messages. It is fixed in versions 13.8.2, 13.7.6 and 13.6.6.
CVE-2021-22168 | AVG-1416 | Medium | Yes | Denial of service
    A regular expression denial of service issue has been discovered in the NuGet API affecting all versions of GitLab starting from version 12.8. The issue is...
CVE-2021-22167 | AVG-1416 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab affecting all versions starting from 12.1. Incorrect headers within a specific project page allow attackers to have...
CVE-2021-22166 | AVG-1416 | Medium | Yes | Denial of service
    An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. The issue is mitigated in GitLab...
CVE-2020-26417 | AVG-1333 | Medium | Yes | Information disclosure
    Information disclosure via GraphQL in GitLab CE/EE 13.1 and later exposes private group and project membership. This affects versions >=13.6 to <13.6.2,...
CVE-2020-26416 | AVG-1347 | Medium | Yes | Information disclosure
    Information disclosure in Advanced Search component of GitLab EE starting from 8.4 results in exposure of search terms via Rails logs. This affects versions...
CVE-2020-26415 | AVG-1333 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab affecting all versions starting from 12.2 before 13.6.2, all versions starting from 12.2 before 13.5.5, all versions...
CVE-2020-26414 | AVG-1416 | Medium | Yes | Denial of service
    An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution...
CVE-2020-26413 | AVG-1333 | Medium | Yes | Information disclosure
    An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.4 before 13.6.2. Information disclosure via GraphQL starting in GitLab...
CVE-2020-26412 | AVG-1347 | Low | Yes | Information disclosure
    Removed group members were able to use the To-Do functionality to retrieve updated information on confidential epics starting in GitLab EE 13.2 before 13.6.2.
CVE-2020-26411 | AVG-1333 | Medium | Yes | Denial of service
    A potential denial of service vulnerability was discovered in all versions of GitLab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6...
CVE-2020-26409 | AVG-1333 | Medium | Yes | Denial of service
    A denial of service vulnerability exists in GitLab CE/EE >=10.3, <13.4.7, >=13.5, <13.5.5, >=13.6, <13.6.2 that allows an attacker to trigger uncontrolled...
CVE-2020-26408 | AVG-1333 | Medium | Yes | Information disclosure
    A limited information disclosure vulnerability exists in GitLab CE/EE from >=12.2 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 that allows an...
CVE-2020-26407 | AVG-1333 | Medium | Yes | Cross-site scripting
    A cross-site scripting vulnerability exists in GitLab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to...
CVE-2020-13357 | AVG-1333 | Medium | Yes | Access restriction bypass
    An issue was discovered in GitLab CE/EE versions >=13.1 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2 allowed an unauthorized user to access the...
CVE-2018-18843 | AVG-802 | High | Yes | Cross-site request forgery
    The GitLab Kubernetes integration was vulnerable to a SSRF issue which could allow an attacker to make requests to access any internal URLs.
CVE-2018-18649 | AVG-794 | Critical | Yes | Arbitrary code execution
    A security issue has been found in GitLab versions prior to 11.4.3, where the wiki API contained an input validation issue which resulted in remote code execution.
CVE-2018-18648 | AVG-794 | Low | Yes | Information disclosure
    A security issue has been found in GitLab versions prior to 11.4.3, where a JSON endpoint was disclosing Gem version information which could result in an...
CVE-2018-18647 | AVG-802 | Medium | Yes | Access restriction bypass
    A security issue has been found in GitLab versions prior to 11.4.3, where the protected_branches API was vulnerable to an issue which allowed an...
CVE-2018-18646 | AVG-794 | Medium | Yes | Cross-site request forgery
    A security issue has been found in GitLab versions prior to 11.4.3, where the Hipchat integration was vulnerable to a SSRF issue which allowed an attacker...
CVE-2018-18645 | AVG-794 | Low | Yes | Information disclosure
    A security issue has been found in GitLab versions prior to 11.4.3, where when replying to an issue through email, with the GitLab email footer included, a...
CVE-2018-18644 | AVG-802 | Medium | Yes | Information disclosure
    A security issue has been found in GitLab versions prior to 11.4.3, where the Prometheus integration was vulnerable to an indirect object reference issue...
CVE-2018-18643 | AVG-794 | Medium | Yes | Cross-site scripting
    A security issue has been found in GitLab versions prior to 11.4.3, where the fragment identifier (hash) of several pages contained a lack of input...
CVE-2018-18642 | AVG-802 | Medium | Yes | Cross-site scripting
    A security issue has been found in GitLab versions prior to 11.4.3, where the license management and security reports pages contained a lack of input...
CVE-2018-18641 | AVG-794 | Low | Yes | Information disclosure
    A security issue has been found in GitLab versions prior to 11.4.3, where personal access tokens were being stored unencrypted as plain text in the database...
CVE-2018-18640 | AVG-794 | Medium | No | Information disclosure
    A security issue has been found in GitLab versions prior to 11.4.3, where private project pages had inadequate cache control, which resulted in unauthorized...
CVE-2018-12607 | AVG-726 | Medium | Yes | Cross-site scripting
    The charts feature contained a persistent XSS issue due to a lack of output encoding.
CVE-2018-12606 | AVG-726 | Medium | Yes | Cross-site scripting
    The wiki contains a persistent XSS issue due to a lack of output encoding affecting a specific markdown feature.
CVE-2018-3740 | AVG-726 | Medium | Yes | Insufficient validation
    A specially crafted HTML fragment can cause the Sanitize gem for Ruby to allow non-whitelisted attributes to be used on a whitelisted HTML element.

Advisories

Date | Advisory | Group | Severity | Type
10 Aug 2021 | ASA-202108-7 | AVG-2251 | High | multiple issues
06 Jul 2021 | ASA-202107-18 | AVG-2125 | High | multiple issues
09 Jun 2021 | ASA-202106-21 | AVG-2023 | High | multiple issues
19 May 2021 | ASA-202105-4 | AVG-1888 | High | multiple issues
29 Apr 2021 | ASA-202104-1 | AVG-1822 | Critical | multiple issues
25 Mar 2021 | ASA-202103-13 | AVG-1710 | Critical | arbitrary code execution
06 Feb 2021 | ASA-202102-11 | AVG-1521 | Medium | information disclosure
12 Jan 2021 | ASA-202101-10 | AVG-1416 | High | multiple issues
31 Oct 2018 | ASA-201810-16 | AVG-794 | Critical | multiple issues
04 Jul 2018 | ASA-201807-1 | AVG-726 | Medium | multiple issues