5.4

CVSS3.1

CVE-2024-8179 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.3 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. Improper output encoding could lead to XSS if CSP is not enabled.

πŸ“… Published: Dec. 12, 2024, 12:03 p.m. πŸ”„ Last Modified: July 11, 2025, 8:11 p.m.

7.5

CVSS3.1

CVE-2024-8233 - Inefficient Algorithmic Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

πŸ“… Published: Dec. 12, 2024, 12:02 p.m. πŸ”„ Last Modified: July 11, 2025, 8:10 p.m.

5.4

CVSS3.1

CVE-2024-8647 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in GitLab

An issue was discovered in GitLab affecting all versions starting 15.2 to 17.4.6, 17.5 prior to 17.5.4, and 17.6 prior to 17.6.2. On self hosted installs, it was possible to leak the anti-CSRF-token to an external site while the Harbor integration was enabled.

πŸ“… Published: Dec. 12, 2024, 12:02 p.m. πŸ”„ Last Modified: July 11, 2025, 7:31 p.m.

4.3

CVSS3.1

CVE-2024-9367 - Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate …

πŸ“… Published: Dec. 12, 2024, 12:02 p.m. πŸ”„ Last Modified: July 11, 2025, 7:30 p.m.

6.4

CVSS3.1

CVE-2024-9387 - URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions from 11.8 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could potentially perform an open redirect against a given releases API endpoint.

πŸ“… Published: Dec. 12, 2024, 12:02 p.m. πŸ”„ Last Modified: July 11, 2025, 8:35 p.m.

3.1

CVSS3.1

CVE-2024-10043 - Incorrect Authorization in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature, potentia…

πŸ“… Published: Dec. 12, 2024, 12:02 p.m. πŸ”„ Last Modified: July 11, 2025, 8:33 p.m.

8.7

CVSS3.1

CVE-2024-11274 - URL Redirection to Untrusted Site ('Open Redirect') in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 17.4.6, starting from 17.5 prior to 17.5.4, and starting from 17.6 prior to 17.6.2, injection of NEL headers in k8s proxy response could lead to session data exfiltration.

πŸ“… Published: Dec. 12, 2024, 12:02 p.m. πŸ”„ Last Modified: July 11, 2025, 8:33 p.m.

7.1

CVSS3.1

CVE-2024-54107 -

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

πŸ“… Published: Dec. 12, 2024, 12:01 p.m. πŸ”„ Last Modified: Sept. 18, 2025, 7:15 a.m.

7.1

CVSS3.1

CVE-2024-54106 -

Null pointer dereference vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

πŸ“… Published: Dec. 12, 2024, noon πŸ”„ Last Modified: Dec. 12, 2024, 8:17 p.m.

5.1

CVSS3.1

CVE-2024-54105 -

Read/Write vulnerability in the image decoding module Impact: Successful exploitation of this vulnerability will affect availability.

πŸ“… Published: Dec. 12, 2024, 11:59 a.m. πŸ”„ Last Modified: Dec. 12, 2024, 8:17 p.m.
Total resulsts: 343825
Page 6965 of 34,383
Β« previous page Β» next page
Filters