CVE-2024-5318

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job artifacts...

aind-airflow-jobs (>=0.2.1 <=0.2.6), airflow-ansible-provider (=0.6.0) +15 more potentially affected by CVE-2024-31869 via apache-airflow (>=2.7.1 <=2.8.4)

apache-airflow PYPI version =2.7.1, =0.2.1, =1.1.0, =0.3.1, =0.0.4, =0.0.1a0, =1.0.0rc1, =1.0.0rc1, =1.0.0, =0.1.30, =0.0.1, =0.1.0, =1.1.0.post0.dev45, =1.1.3.post0.dev5 and more Source cves: CVE-2024-31869 Source advisory: OSV:GHSA-2522-MRJC-M688...

accuinsight (>=1.0.62 <=3.0.0rc2), adapt-diagnostics (>=1.2.0 <=1.6.0) +110 more potentially affected by CVE-2021-29541 via tensorflow (>=2.3.0 <=2.3.2)

tensorflow PYPI version =2.3.0, =1.0.62, =1.2.0, =0.1.0, =0.0.1a0, =0.0.1, =1.0.0rc1, =20210206.0.0, =0.1.0.dev1, =0.2.4, =1.0.1.0, =1.0.3 - cardec-cite =1.1.0 and more Source cves: CVE-2021-29541 Source advisory: OSV:GHSA-XQFJ-35WV-M3CR...

FreeBSD : Gitlab -- Multiple Vulnerabilities (1aa7a094-1147-11ea-b537-001b217b3468)

Gitlab reports : Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability stat...

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Path traversal with potential remote code execution Private objects exposed through project import Disclosure of notes via Elasticsearch integration Disclosure of comments via Elasticsearch integration DNS Rebind SSRF in various chat notifications Disclosure of vulnerability statu...