GitLab: GitLab::UrlBlocker validation bypass leading to full Server Side Request Forgery
Summary

The GitLab::UrlBlocker IP address validation methods suffer from a Time of Check to Time of Use (ToCToU) vulnerability. The vulnerability occurs due to multiple DNS resolution requests performed before and after the checks. This issue allows a malicious authenticated user to send GET and PO...
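
The check-then-use pattern the summary describes, next to a resolve-once-and-pin variant, as an added example that is not GitLab's code. `FlippingResolver`, `blocked?`, `fetch_check_then_use` and `fetch_pinned` are hypothetical names, the blocklist is abbreviated, and the DNS answers are constructed.

```ruby
require "ipaddr"

# Constructed stand-in for DNS: each lookup returns the next answer in the
# list, modelling a record that changes between two queries.
class FlippingResolver
  attr_reader :lookups

  def initialize(answers)
    @answers = answers
    @lookups = 0
  end

  def resolve(_host)
    answer = @answers[[@lookups, @answers.size - 1].min]
    @lookups += 1
    answer
  end
end

# Abbreviated, constructed blocklist of internal ranges (assumption).
BLOCKED = %w[127.0.0.0/8 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
             169.254.0.0/16 ::1/128 fc00::/7].map { |cidr| IPAddr.new(cidr) }

def blocked?(ip)
  addr = IPAddr.new(ip)
  BLOCKED.any? { |net| net.include?(addr) }
end

# Check-then-use: the validator resolves the name, then the request path
# resolves it again, so the address that was checked is not the one used.
def fetch_check_then_use(host, resolver)
  raise ArgumentError, "blocked address" if blocked?(resolver.resolve(host))

  { connect_to: resolver.resolve(host), host: host } # second, unchecked lookup
end

# Resolve once, validate that answer, and connect to that same address while
# keeping the original hostname for the Host header and TLS verification.
def fetch_pinned(host, resolver)
  ip = resolver.resolve(host)
  raise ArgumentError, "blocked address" if blocked?(ip)

  { connect_to: ip, host: host }
end
```

With answers that change between lookups, the first function ends up connecting to an address the check never saw, while the pinned version performs a single lookup and uses exactly the address it validated.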