GitLab: Stored XSS in markdown via the DesignReferenceFilter
Summary

When rendering markdown, links to designs are parsed using the following `link_reference_pattern`:

https://gitlab.com/gitlab-org/gitlab/-/blob/v13.12.1-ee/app/models/design_management/design.rb#L168

```ruby
def self.link_reference_pattern
  @link_reference_pattern ||= begin
    path_segment =...
```