Lucene search results: 15 matches found

RedhatCVE · added 2025/02/05 1:33 p.m. · 6 views

CVE-2020-26222

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and...

CVSS 8.8 · AI score 7.6 · EPSS 0.00477 · Exploits 1
OSV · added 2023/09/29 7:15 a.m. · 0 views

UBUNTU-CVE-2023-3979

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for upstream members collaborating with you on your branch to get permission to write to the...

CVSS 4.3 · AI score 5.7 · EPSS 0.0006 · Exploits 0 · References 2
Vulnrichment · added 2023/09/29 6:02 a.m. · 24 views

CVE-2023-3979 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for upstream members collaborating with you on your branch to get permission to write to the...

CVSS 3.1 · AI score 4 · EPSS 0.0006 · Exploits 0 · References 2
OSV · added 2023/09/29 6:02 a.m. · 20 views

CVE-2023-3979 Incorrect Authorization in GitLab

An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for upstream members collaborating with you on your branch to get permission to write to the...

CVSS 3.1 · AI score 4.6 · EPSS 0.0006 · Exploits 0 · References 5
Positive Technologies · added 2023/09/28 12:00 a.m. · 3 views

PT-2023-27107 · Gitlab · Gitlab

Name of the Vulnerable Software and Affected Versions: GitLab versions 10.6 through 16.2.8; GitLab versions 16.3 through 16.3.5; GitLab versions 16.4 through 16.4.1. Description: An issue has been discovered in GitLab where upstream members collaborating on a branch could get permission to write to...

CVSS 4.3 · AI score 6.6 · EPSS 0.0006 · Exploits 0 · References 12
Veracode · added 2023/08/06 2:28 p.m. · 19 views

Denial Of Service (DoS)

GitLab is vulnerable to Denial of Service (DoS). The vulnerability exists due to an infinite loop when an authenticated user with specific rights accesses an MR whose source and target branches point to each other, crashing the application...

CVSS 4.3 · AI score 6.7 · EPSS 0.00353 · Exploits 0 · References 3 · Affected Software 1
OSV · added 2021/04/02 5:15 p.m. · 13 views

CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6, where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other...

CVSS 4.3 · AI score 6.2 · EPSS 0.00353 · Exploits 0 · References 2
Prion · added 2021/04/02 5:15 p.m. · 14 views

Design/Logic Flaw

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6, where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other...

CVSS 4 · AI score 4.2 · EPSS 0.00353 · Exploits 0 · References 2 · Affected Software 1
UbuntuCve · added 2021/04/02 5:15 p.m. · 24 views

CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6, where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other...

CVSS 4.3 · AI score 5.7 · EPSS 0.00353 · Exploits 0 · References 3
Debian CVE · added 2021/04/02 4:21 p.m. · 19 views

CVE-2021-22197

Removed by vendor...

CVSS 4.3 · AI score 5.8 · EPSS 0.00353 · Exploits 0
Cvelist · added 2021/04/02 4:21 p.m. · 14 views

CVE-2021-22197

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6, where an infinite loop exists when an authenticated user with specific rights accesses an MR whose source and target branches point to each other...

CVSS 3.5 · AI score 4.5 · EPSS 0.00353 · Exploits 0 · References 2
NVD · added 2020/11/13 4:15 p.m. · 14 views

CVE-2020-26222

Dependabot is a set of packages for automated dependency management for Ruby, JavaScript, Python, PHP, Elixir, Rust, Java, .NET, Elm and Go. In Dependabot-Core from version 0.119.0.beta1 before version 0.125.1, there is a remote code execution vulnerability in dependabot-common and...

CVSS 8.8 · AI score 9 · EPSS 0.00477 · Exploits 1 · References 3
Snyk · added 2020/11/13 3:47 p.m. · 2 views

Remote Code Execution (RCE)

Overview: dependabot-common is an automated dependency management package. Affected versions of this package are vulnerable to Remote Code Execution (RCE) when cloning a source branch whose name contains malicious injectable bash code. Remediation: Upgrade dependabot-common to version 0.125.1 or higher. References - GitH...

CVSS 8.8 · AI score 7.4 · EPSS 0.00477 · Exploits 1 · References 2
Github Security Blog · added 2020/11/13 3:47 p.m. · 56 views

Remote code execution in dependabot-core branch names when cloning

Impact: Remote code execution vulnerability in dependabot-common and dependabot-gomodules when a source branch name contains malicious injectable bash code. For example, if Dependabot is configured to use the following source branch name: "/$curl,127.0.0.1", Dependabot will make an HTTP request to...

CVSS 8.8 · AI score 8.9 · EPSS 0.00477 · Exploits 1 · References 9 · Affected Software 2
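The branch-name injection class described in this advisory, as an added Ruby example that is not dependabot-core's own code: a constructed branch name that git would accept as a legal ref, yet which a POSIX shell expands as command substitution once the name is interpolated into a command string, shown beside the two fixes (pass argv, or quote with Shellwords when a shell string is unavoidable). `echo` stands in for `git clone` so the demo runs offline, and `valid_branch_name?` is a hand-written approximation of git's check-ref-format rules, not git's code.

```ruby
# Added example: shell injection through a git branch name, and its fixes.
# Not dependabot-core's code; `echo` replaces `git clone` so this runs offline.
require "open3"
require "shellwords"

# Constructed malicious branch name. It has no space and none of the characters
# git's check-ref-format rejects, so it is a legal ref name. Under a POSIX shell,
# however, `$(...)` is command substitution and `${IFS}` expands to a space, so
# the substitution runs `echo INJECTED`.
PAYLOAD = "$(echo${IFS}INJECTED)".freeze

# Vulnerable pattern: the branch is interpolated into one string and handed to
# `sh -c`, exactly how a backtick or system(string) call would run it.
def vulnerable_run(branch)
  out, _status = Open3.capture2("/bin/sh", "-c", "echo clone --branch #{branch}")
  out.strip
end

# Fix 1: pass an argv array, never a shell string. The branch reaches the child
# process as one literal argument; nothing ever interprets `$(`.
def safe_run(branch)
  out, _status = Open3.capture2("echo", "clone", "--branch", branch)
  out.strip
end

# Fix 2 (defence in depth, only when a shell string is unavoidable): quote the
# value with Shellwords so the shell sees a single literal word.
def escaped_run(branch)
  cmd = "echo clone --branch #{Shellwords.escape(branch)}"
  out, _status = Open3.capture2("/bin/sh", "-c", cmd)
  out.strip
end

# Hand-written approximation of git's check-ref-format rules (not git's code).
# Worth applying at the input boundary, but NOT a substitute for the fixes
# above: PAYLOAD passes this check, because git allows `$`, `(`, `{` and `}`.
def valid_branch_name?(name)
  return false if name.empty?
  return false if name.start_with?("-", "/") || name.end_with?("/", ".", ".lock")
  return false if name.match?(/[\x00-\x20\x7f~^:?*\[\\]/)   # control chars, space, ~ ^ : ? * [ \
  return false if name.include?("..") || name.include?("@{") || name.include?("//") || name == "@"
  name.split("/").none? { |part| part.start_with?(".") || part.end_with?(".lock") }
end

if __FILE__ == $PROGRAM_NAME
  puts "shell string: #{vulnerable_run(PAYLOAD)}"   # branch name executed
  puts "argv:         #{safe_run(PAYLOAD)}"         # branch name kept literal
  puts "escaped:      #{escaped_run(PAYLOAD)}"      # branch name kept literal
  puts "git-legal ref name? #{valid_branch_name?(PAYLOAD)}"
end
```

The point a reviewer should take from the validator is that ref-name validation alone does not close this bug: the payload is a legal ref, so the only reliable fix is to keep the branch name out of any string a shell parses.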
Snyk · added 2020/11/13 3:47 p.m. · 1 views

Remote Code Execution (RCE)

Overview: dependabot-omnibus is an automated dependency management package. Affected versions of this package are vulnerable to Remote Code Execution (RCE) when cloning a source branch whose name contains malicious injectable bash code. Remediation: Upgrade dependabot-omnibus to version 0.125.1 or higher. References -...

CVSS 8.8 · AI score 7.4 · EPSS 0.00477 · Exploits 1 · References 2