CVE-2018-20496 (NVD)

2019-12-30

An issue was discovered in GitLab Community and Enterprise Edition 11.2.x through 11.4.x before 11.4.13, 11.5.x before 11.5.6, and 11.6.x before 11.6.1. It allows XSS.

Products Gitlab
Type Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)
First patch - None (likely due to unavailable code)
Links https://gitlab.com/gitlab-org/gitlab-ce/issues/54427
https://about.gitlab.com/2018/12/31/security-release-gitlab-11-dot-6-dot-1-released/