CVE-2018-12605
Summary : CVE-2018-12605 affects GitLab Community and Enterprise Editions 10.7.x prior to 10.7.6. The issue is a Cross‑Site Scripting flaw in the use of the URL handling function url_for, which incorrectly permits arbitrary protocols as parameters. Impact (as stated in sources) : An attacker coul...