FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-02-20 09:44:03 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
1a8c5720-e9cf-11ef-9e96-2cf05da270f3	Gitlab -- Vulnerabilities Gitlab reports: A CSP-bypass XSS in merge-request page Denial of Service due to Unbounded Symbol Creation Exfiltrate content from private issues using Prompt Injection A custom permission may allow overriding Repository settings Internal HTTP header leak via route confusion in workhorse SSRF via workspaces Unauthorized Incident Closure and Deletion by Planner Role in GitLab ActionCable does not invalidate tokens after revocation Discovery 2025-02-12 Entry 2025-02-13 gitlab-ce gitlab-ee >= 17.8.0 lt 17.8.2 >= 17.7.0 lt 17.7.4 >= 8.3.0 lt 17.6.5 CVE-2025-0376 CVE-2024-12379 CVE-2024-3303 CVE-2025-1042 CVE-2025-1212 CVE-2024-9870 CVE-2025-0516 CVE-2025-1198 https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/

VuXML ID

Description

1a8c5720-e9cf-11ef-9e96-2cf05da270f3

Gitlab -- Vulnerabilities

Gitlab reports:

A CSP-bypass XSS in merge-request page

Denial of Service due to Unbounded Symbol Creation

Exfiltrate content from private issues using Prompt Injection

A custom permission may allow overriding Repository settings

Internal HTTP header leak via route confusion in workhorse

SSRF via workspaces

Unauthorized Incident Closure and Deletion by Planner Role in GitLab

ActionCable does not invalidate tokens after revocation

Discovery 2025-02-12
Entry 2025-02-13
gitlab-ce
gitlab-ee

>= 17.8.0 lt 17.8.2

>= 17.7.0 lt 17.7.4

>= 8.3.0 lt 17.6.5

CVE-2025-0376
CVE-2024-12379
CVE-2024-3303
CVE-2025-1042
CVE-2025-1212
CVE-2024-9870
CVE-2025-0516
CVE-2025-1198
https://about.gitlab.com/releases/2025/02/12/patch-release-gitlab-17-8-2-released/