2 matches found
GitLab Security Breach
GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD (Continuous Integration and Continuous Delivery) and other features. A security vulnerability exists in GitLab CE/EE versions 13.7 through 16.6.6 or...
GitLab: Send arbitrary PUT requests when user clicks on a link
Dear teams, Summary: Mermaid allows users to set the class name of a block. This ability becomes vulnerable in GitLab issues because of issue.jsL90: javascript return $document.on 'click', '.js-issuable-actions a.btn-close, .js-issuable-actions a.btn-reopen', e = ... const $button = $e.currentTarget;...