Lucene search
K

123 matches found

Debian CVE
Debian CVE
added 2022/04/04 7:46 p.m.65 views

CVE-2022-1121

Removed by vendor...

5.3CVSS6AI score0.0104EPSS
Exploits0
CVE
CVE
added 2022/04/04 7:46 p.m.106 views

CVE-2022-1121

CVE-2022-1121 concerns GitLab Pages within GitLab CE/EE. The issue is a missing/insufficient timeout mechanism that can allow an attacker to trigger unlimited resource consumption, effectively a Denial of Service. Affected versions are GitLab Pages-enabled deployments of GitLab CE/EE: all version...

5.3CVSS5.1AI score0.0104EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2022/04/01 12:0 a.m.6 views

GitLab 输入验证错误漏洞

GitLab is an open source, end-to-end software development platform from GitLab, Inc. with built-in version control, issue tracking, code review, CI/CD continuous integration and continuous delivery, and other features. GitLab is vulnerable to an input validation error vulnerability that exists du...

5.3CVSS5.8AI score0.0104EPSS
Exploits0References5
NVD
NVD
added 2021/01/15 4:15 p.m.31 views

CVE-2021-22171

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...

7.3CVSS6.9AI score0.01332EPSS
Exploits0References3
OSV
OSV
added 2021/01/15 4:15 p.m.31 views

CVE-2021-22171

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...

6.5CVSS6.6AI score0.01332EPSS
Exploits0References3
OSV
OSV
added 2021/01/15 4:15 p.m.3 views

UBUNTU-CVE-2021-22171

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...

7.3CVSS5.8AI score0.01332EPSS
Exploits0References2
Cvelist
Cvelist
added 2021/01/15 3:10 p.m.39 views

CVE-2021-22171

Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link...

7.3CVSS7.2AI score0.01332EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2021/01/15 12:0 a.m.4 views

PT-2021-14886 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 11.5 and later Description: The issue is related to insufficient validation of authentication parameters in GitLab Pages, allowing an attacker to steal a victim's API token if they click on a maliciously crafted link...

7.3CVSS6.5AI score0.01332EPSS
Exploits0References11
Tenable Nessus
Tenable Nessus
added 2020/08/10 12:0 a.m.27 views

Debian DLA-2316-1 : ruby-kramdown security update

ruby-kramdown processes the template option inside Kramdown documents by default, which allows unintended read access such as template='/etc/passwd' or unintended embedded Ruby code execution such as a string that begins with template='string://%= . NOTE: kramdown is used in Jekyll, GitLab Pages,...

9.8CVSS8AI score0.0456EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2020/08/07 10:27 p.m.62 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References15Affected Software1
OSV
OSV
added 2020/07/17 4:15 p.m.22 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS7AI score
Exploits0References13
NVD
NVD
added 2020/07/17 4:15 p.m.25 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS0.0456EPSS
Exploits0References13
OSV
OSV
added 2020/07/17 4:15 p.m.2 views

DEBIAN-CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9AI score0.0456EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2020/07/17 4:15 p.m.34 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS7.6AI score0.0456EPSS
Exploits0References9
OSV
OSV
added 2020/07/17 4:15 p.m.4 views

UBUNTU-CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS7.7AI score0.0456EPSS
Exploits0References10
CVE
CVE
added 2020/07/17 3:27 p.m.164 views

CVE-2020-14001

The vulnerability CVE-2020-14001 affects the kramdown Ruby gem prior to 2.3.0, where the template option is processed by default in Kramdown documents. This can allow unintended read access (e.g., template="/etc/passwd") or unintended embedded Ruby code execution (e.g., template="string://<%= ...

9.8CVSS9.3AI score0.0456EPSS
Exploits0References13Affected Software1
Debian CVE
Debian CVE
added 2020/07/17 3:27 p.m.24 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9.6AI score0.0456EPSS
Exploits0
Cvelist
Cvelist
added 2020/07/17 3:27 p.m.47 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.4AI score0.0456EPSS
Exploits0References13
AlpineLinux
AlpineLinux
added 2020/07/17 3:27 p.m.49 views

CVE-2020-14001

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS9.6AI score0.0456EPSS
Exploits0
RubySec
RubySec
added 2020/06/28 12:0 a.m.29 views

Unintended read access in kramdown gem

The kramdown gem before 2.3.0 for Ruby processes the template option inside Kramdown documents by default, which allows unintended read access such as template="/etc/passwd" or unintended embedded Ruby code execution such as a string that begins with template="string://%= . NOTE: kramdown is used...

9.8CVSS2.6AI score0.0456EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder