
49 matches found

EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2018-1593

Malware in sbrugna...

CVSS 6.5 · AI score 6.8 · EPSS 0.02614
Exploits: 0 · References: 4
EUVD
added 2025/10/07 12:30 a.m. · 3 views

EUVD-2020-5603

Malware in sbrugna...

CVSS 8.8 · AI score 8.6 · EPSS 0.00137
Exploits: 1 · References: 4
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2023-44066

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 8.1 · EPSS 0.00034
Exploits: 0 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 5 views

EUVD-2024-0259

Malicious code in bioql PyPI...

CVSS 6.8 · AI score 6.6 · EPSS 0.00593
Exploits: 0 · References: 5
EUVD
added 2025/10/03 8:7 p.m. · 4 views

EUVD-2024-46280

Malicious code in bioql PyPI...

CVSS 4.3 · AI score 6.3 · EPSS 0.00087
Exploits: 1 · References: 2
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-25132

Malicious code in bioql PyPI...

CVSS 8.5 · AI score 6.3 · EPSS 0.00058
Exploits: 0 · References: 3
OSV
added 2025/08/18 4:21 p.m. · 3 views

CVE-2025-55201 Copier safe template has arbitrary filesystem read/write access

Copier library and CLI app for rendering project templates. Prior to 9.9.1, a safe template can currently read and write arbitrary files because Copier exposes a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders the security model w.r.t...

CVSS 8.5 · AI score 6.6 · EPSS 0.00058
Exploits: 0 · References: 4
RedhatCVE
added 2025/02/05 1:43 p.m. · 7 views

CVE-2020-13343

An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...

CVSS 8.8 · AI score 6.4 · EPSS 0.00137
Exploits: 1
OSV
added 2024/10/15 7:18 p.m. · 12 views

BIT-GITLAB-2024-5005 Incorrect Provision of Specified Functionality in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

CVSS 4.3 · AI score 4.4 · EPSS 0.00087
Exploits: 1 · References: 3
NVD
added 2024/10/11 1:15 p.m. · 13 views

CVE-2024-5005

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

CVSS 4.3 · EPSS 0.00087
Exploits: 1 · References: 2
OSV
added 2024/10/11 1:15 p.m. · 0 views

UBUNTU-CVE-2024-5005

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

CVSS 4.3 · AI score 5.7 · EPSS 0.00087
Exploits: 1 · References: 4
CVE
added 2024/10/11 11:30 a.m. · 97 views

CVE-2024-5005

GitLab CVE-2024-5005 affects GitLab EE/CE with version ranges: 11.4–17.2.8, 17.3–17.3.4, and 17.4–17.4.1. Affects guests who could disclose project templates via the API. The issue is fixed in GitLab in the following patched releases: 17.2.9, 17.3.5, and 17.4.2. If you are using any vulnerable ve...

CVSS 4.3 · AI score 4.3 · EPSS 0.00087
Exploits: 1 · References: 2 · Affected Software: 1
OSV
added 2024/10/11 11:30 a.m. · 19 views

CVE-2024-5005 Incorrect Provision of Specified Functionality in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

CVSS 4.3 · AI score 6.3 · EPSS 0.00087
Exploits: 1 · References: 5
Cvelist
added 2024/10/11 11:30 a.m. · 13 views

CVE-2024-5005 Incorrect Provision of Specified Functionality in GitLab

An issue has been discovered in GitLab EE/CE affecting all versions starting from 11.4 before 17.2.9, all versions starting from 17.3 before 17.3.5, all versions starting from 17.4 before 17.4.2. It was possible for guest users to disclose project templates using the API...

CVSS 4.3 · EPSS 0.00087
Exploits: 1 · References: 2
Tenable Nessus
added 2024/10/11 12:0 a.m. · 13 views

GitLab 11.4 < 17.2.9 / 17.3 < 17.3.5 / 17.4 < 17.4.2 (CVE-2024-5005)

The version of GitLab installed on the remote host is affected by a vulnerability, as follows: Gitlab reports: Run pipelines on arbitrary branches; An attacker can impersonate arbitrary user; SSRF in Analytics Dashboard; Viewing diffs of MR with conflicts can be slow; HTMLi in OAuth page; Deploy Key...

CVSS 4.3 · AI score 5.8 · EPSS 0.00087
Exploits: 1 · References: 4
CNNVD
added 2024/10/11 12:0 a.m. · 2 views

GitLab Security Vulnerability

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. A security vulnerability exists in GitLab version 11.4 up to and including...

CVSS 4.3 · AI score 6.6 · EPSS 0.00087
Exploits: 1 · References: 4
Positive Technologies
added 2024/05/16 12:0 a.m. · 1 views

PT-2024-7078 · Gitlab · Gitlab Ce/Ee +1

Name of the Vulnerable Software and Affected Versions: GitLab EE/CE versions 11.4 through 17.2.8; GitLab EE/CE versions 17.3 through 17.3.4; GitLab EE/CE versions 17.4 through 17.4.1. Description: The issue is related to errors in the representation of given functions in the GitLab platform, allowin...

CVSS 4.3 · AI score 7 · EPSS 0.00087
Exploits: 1 · References: 15
OSV
added 2024/03/06 11:21 a.m. · 18 views

BIT-GITLAB-2020-13343

An issue has been discovered in GitLab affecting all versions starting from 11.2. Unauthorized Users Can View Custom Project Template...

CVSS 8.8 · AI score 8.4 · EPSS 0.00137
Exploits: 1 · References: 4
OSV
added 2024/03/06 11:5 a.m. · 284 views

BIT-GITLAB-2023-3399 Insertion of Sensitive Information Into Sent Data in GitLab

An issue has been discovered in GitLab EE affecting all versions starting from 11.6 before 16.3.6, all versions starting from 16.4 before 16.4.2, all versions starting from 16.5 before 16.5.1. It was possible for an unauthorised project or group member to read the CI/CD variables using the custom...

CVSS 8.5 · AI score 7.5 · EPSS 0.00034
Exploits: 0 · References: 3
RedHat Linux
added 2024/01/10 6:38 p.m. · 2 views

dotnet: .NET Denial of Service Vulnerability

A Denial of Service vulnerability was found in .NET Core project templates that utilize JWT-based authentication tokens. This issue may allow an unauthenticated client to consume arbitrarily large amounts of server memory, potentially triggering an out-of-memory condition on the server and making...

CVSS 6.8 · AI score 5.7 · EPSS 0.00593
Exploits: 0 · References: 5