3 matches found
CVE-2025-6454
Removed by vendor...
GitLab 16.11 < 18.1.6 / 18.2 < 18.2.6 / 18.3 < 18.3.2 (CVE-2025-6454)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - The vulnerability exists due to insufficient validation of user-supplied input in Webhook custom header. A remote user can send a specially crafted HTTP request and trick the application to initiate...
PT-2025-37106
Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.11 through 18.3.2 Description An issue has been discovered in GitLab CE/EE that allows authenticated users to make unintended internal requests through proxy environments by injecting crafted sequences. The vulnerabili...