32 matches found
EUVD-2021-26262
Malware in sbrugna...
EUVD-2024-53885
Malicious code in bioql PyPI...
BIT-GITLAB-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where an XSS attack was...
CVE-2024-10383
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
CVE-2024-10383
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
CVE-2024-10383 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6,...
CVE-2024-10383
The CVE-2024-10383 entry concerns the gitlab-web-ide-vscode-fork component distributed over CDN. Affected versions include all prior to 1.89.1-1.0.0-dev-20241118094343 and used by GitLab CE/EE from 15.11 up to 17.3, with temporary impact on 17.4–17.6. The issue is described as a Cross-Site Script...
PT-2025-5974 · Gitlab · Gitlab Ce/Ee +1
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions prior to 17.3; GitLab CE/EE versions 17.4, 17.5, and 17.6; gitlab-web-ide-vscode-fork versions prior to 1.89.1-1.0.0-dev-20241118094343. Description: An issue has been discovered in the gitlab-web-ide-vscode-fork component,...
CVE-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
BIT-GITLAB-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
BIT-JUPYTER-BASE-NOTEBOOK-2021-32798 Failure to Sanitize Special Elements into a Different Plane (Special Element Injection) in notebook
The Jupyter notebook is a web-based notebook environment for interactive computing. In affected versions untrusted notebook can execute code on load. Jupyter Notebook uses a deprecated version of Google Caja to sanitize user inputs. A public Caja bypass can be used to trigger an XSS when a victim...
Cross-site Scripting (XSS)
gitlab is vulnerable to Cross-site Scripting XSS. The vulnerability exists due to the improper validation in the ipynb files of the library, which allows an attacker to inject and execute malicious javascript...
PT-2022-4615 · Gitlab · Gitlab
Name of the Vulnerable Software and Affected Versions: GitLab versions prior to 15.1.6; GitLab versions 15.2 through 15.2.4; GitLab versions 15.3 through 15.3.2. Description: The issue is related to insufficient input validation in the ipynb Notebook component of GitLab, a platform for collaborative...
Fedora: Security Advisory for pandoc (FEDORA-2022-1f981071eb)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later. This program is free software; you can...
CVE-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
Input validation
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39906
CVE-2021-39906 affects GitLab CE/EE 13.5 and later. The root cause is the improper validation of ipynb files, enabling an attacker to have the victim’s browser execute arbitrary JavaScript. Exploitation is not elaborated in the provided documents, but several sources indicate affected versions an...
CVE-2021-39906
Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf...
CVE-2021-39906
Removed by vendor...