Page 7 of 33 results (0.003 seconds)

CVSS: 5.7EPSS: 0%CPEs: 3EXPL: 1

An issue was discovered in GitLab CE/EE affecting all versions starting from 8.2 prior to 17.1.6 starting from 17.2 prior to 17.2.4, and starting from 17.3 prior to 17.3.1, which allows an attacker to create a branch with the same name as a deleted tag. • https://gitlab.com/gitlab-org/gitlab/-/issues/470647 https://hackerone.com/reports/2574561 • CWE-684: Incorrect Provision of Specified Functionality •

CVSS: 6.4EPSS: 0%CPEs: 3EXPL: 0

An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection. • https://gitlab.com/gitlab-org/gitlab/-/issues/472603 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 1

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1. A denial of service could occur upon importing a maliciously crafted repository using the GitHub importer. • https://gitlab.com/gitlab-org/gitlab/-/issues/463092 https://hackerone.com/reports/2499070 • CWE-400: Uncontrolled Resource Consumption •