Note:
This project will be discontinued after December 13, 2021. [more]
2020-01-05
In GitLab EE 11.3 through 12.5.3, 12.4.5, and 12.3.8, insufficient parameter sanitization for the Maven package registry could lead to privilege escalation and remote code execution vulnerabilities under certain conditions.
Products | Gitlab |
Type | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22) |
First patch | - None (likely due to unavailable code) |
Links |
• https://about.gitlab.com/blog/categories/releases/
• https://about.gitlab.com/blog/2019/12/10/critical-security-release-gitlab-12-5-4-released/ |