CVE-2017-0914
CVE-2017-0914 affects GitLab CE/EE 10.1, 10.2, and 10.2.4. The MilestoneFinder component is vulnerable to an SQL injection in the order logic, where reordering milestones is performed without sanitization, allowing an attacker to disclose all data in the GitLab instance database. Multiple connect...