Lucene search
K

126 matches found

Prion
Prion
added 2019/09/09 8:15 p.m.18 views

Input validation

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

4.3CVSS6AI score0.01055EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2019/09/09 7:21 p.m.23 views

CVE-2019-6784

An issue was discovered in GitLab Community and Enterprise Edition before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1. It allows XSS issue 1 of 2. Markdown fields contain a lack of input validation and output encoding when processing KaTeX that results in a persistent XSS...

6.4AI score0.01055EPSS
Exploits1References2
CVE
CVE
added 2019/09/09 7:21 p.m.125 views

CVE-2019-6784

GitLab CVE-2019-6784 affects GitLab Community and Enterprise Edition: versions before 11.5.8, 11.6.x before 11.6.6, and 11.7.x before 11.7.1 are vulnerable. A persistent XSS flaw arises in Markdown processing due to lack of input validation and output encoding when KaTeX is processed. Impact is l...

6.1CVSS5.9AI score0.01055EPSS
Exploits1References2Affected Software1
Debian CVE
Debian CVE
added 2019/09/09 7:21 p.m.24 views

CVE-2019-6784

Removed by vendor...

6.1CVSS6.9AI score0.01055EPSS
Exploits1
Hacker One
Hacker One
added 2019/04/26 3:41 p.m.18 views

GitLab: Clientside resource Exhausting by exploiting gitlab math rendering

Summary based on the documentation gitlab markdown is supporting math expresion rendering using KaTex and able to run subset syntax from LaTex this could be achieved by using 2 ways in the markdown for inline and for multiline. F476662 Steps to reproduce Step-by-step guide to reproduce the issue,...

6.8AI score
Exploits0
Veracode
Veracode
added 2016/12/14 5:5 a.m.13 views

Denial Of Service (DoS)

KaTeX is vulnerable to denial of service DoS attacks. These attacks are possible by chaining multiple /sqrt statements to take up 100% CPU power...

6.5AI score
Exploits0
Rows per page
Query Builder