218 matches found
CVE-2023-6678
Removed by vendor...
CVE-2023-6678 Inefficient Regular Expression Complexity in GitLab
An issue has been discovered in GitLab EE affecting all versions before 16.8.6, all versions starting from 16.9 before 16.9.4, all versions starting from 16.10 before 16.10.2. It was possible for an attacker to cause a denial of service using maliciously crafted content in a JUnit test report file...
PT-2024-15047 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab EE versions prior to 16.8.6; GitLab EE versions 16.9 through 16.9.3; GitLab EE versions 16.10 through 16.10.1. Description: An issue has been discovered in GitLab EE that allows an attacker to cause a denial of service using maliciously...
FreeBSD : Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6 (dad6294c-f7c1-11ee-bb77-001b217b3468)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the dad6294c-f7c1-11ee-bb77-001b217b3468 advisory. - Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; Redos...
Gitlab -- Patch Release: 16.10.2, 16.9.4, 16.8.6
Gitlab reports: Stored XSS injected in diff viewer; Stored XSS via autocomplete results; Redos on Integrations Chat Messages; Redos During Parse Junit Test Report...
Fedora: Security Advisory for classloader-leak-test-framework (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for easymock (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
Fedora: Security Advisory for opentest4j (FEDORA-2024-129d8ca6fc)
The remote host is missing an update for the...
[SECURITY] Fedora 40 Update: truth-1.0.1-11.fc40
Truth is a library that provides alternative ways to express assertions in unit tests. It can be used as a replacement for JUnit's assertions or FEST, or it can be used alongside them where other approaches seem more suitable...
[SECURITY] Fedora 40 Update: opentest4j-1.3.0-6.fc40
Open Test Alliance for the JVM is a minimal common foundation for testing libraries on the JVM. The primary goal of the project is to enable testing frameworks like JUnit, TestNG, Spock, etc. and third-party assertion libraries like Hamcrest, AssertJ, etc. to use a common set of exceptions that...
[SECURITY] Fedora 40 Update: junit-4.13.2-6.fc40
JUnit is a regression testing framework written by Erich Gamma and Kent Beck. It is used by the developer who implements unit tests in Java. JUnit is Open Source Software, released under the Common Public License Version 1.0 and hosted on GitHub...
[SECURITY] Fedora 40 Update: easymock-4.3-8.fc40
EasyMock provides Mock Objects for interfaces in JUnit tests by generating them on the fly using Java's proxy mechanism. Due to EasyMock's unique style of recording expectations, most refactorings will not affect the Mock Objects. So EasyMock is a perfect fit for Test-Driven Development...
[SECURITY] Fedora 40 Update: classloader-leak-test-framework-2.7.0-8.fc40
Stand-alone test framework for detecting and/or verifying the existence or non-existence of Java ClassLoader leaks. It is also possible to test leak prevention mechanisms to confirm that the leak really is avoided. The framework is built upon JUnit...
[SECURITY] Fedora 40 Update: assertj-core-3.24.2-8.fc40
A rich and intuitive set of strongly-typed assertions to use for unit testing either with JUnit or TestNG...
[SECURITY] Fedora 40 Update: ant-antunit-1.4.1-11.fc40
This library contains tasks that enable Ant task developers to test their tasks with Ant and without JUnit. It contains a few assertion tasks and an antunit task that runs build files instead of test classes and is modelled after the JUnit task...
jenkins-2-plugins/JUnit: Stored XSS vulnerability in JUnit Plugin
A flaw was found in the Jenkins JUnit plugin. The affected versions of the JUnit Plugin do not escape test case class names in JavaScript expressions, resulting in a stored cross-site scripting (XSS) vulnerability. This may allow an attacker to control test case class names in the JUnit resources...
Important: Red Hat Security Advisory: jenkins and jenkins-2-plugins security update
An update for jenkins and jenkins-2-plugins is now available for OpenShift Developer Tools and Services for OCP 4.13. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity...