FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-10-31 10:54:49 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
49ef501c-62b6-11ef-bba5-2cf05da270f3Gitlab -- vulnerabilities

Gitlab reports:

The GitLab Web Interface Does Not Guarantee Information Integrity When Downloading Source Code from Releases

Denial of Service by importing maliciously crafted GitHub repository

Prompt injection in "Resolve Vulnerabilty" results in arbitrary command execution in victim's pipeline

An unauthorized user can perform certain actions through GraphQL after a group owner enables IP restrictions


Discovery 2024-08-21
Entry 2024-08-25
gitlab-ce
gitlab-ee
>= 17.3.0 lt 17.3.1

>= 17.2.0 lt 17.2.4

>= 8.2.0 lt 17.1.6

CVE-2024-6502
CVE-2024-8041
CVE-2024-7110
CVE-2024-3127
https://about.gitlab.com/releases/2024/08/21/patch-release-gitlab-17-3-1-released/
729008b9-54bf-11ef-a61b-2cf05da270f3Gitlab -- Vulnerabilities

Gitlab reports:

Privilege Escalation via LFS Tokens Granting Unrestricted Repository Access

Cross project access of Security policy bot

Advanced search ReDOS in highlight for code results

Denial of Service via banzai pipeline

Denial of service using adoc files

ReDoS in RefMatcher when matching branch names using wildcards

Path encoding can cause the Web interface to not render diffs correctly

XSS while viewing raw XHTML files through API

Ambiguous tag name exploitation

Logs disclosings potentially sensitive data in query params

Password bypass on approvals using policy projects

ReDoS when parsing git push

Webhook deletion audit log can preserve auth credentials


Discovery 2024-08-07
Entry 2024-08-07
gitlab-ce
gitlab-ee
>= 17.2.0 lt 17.2.2

>= 17.1.0 lt 17.1.4

>= 12.0.0 lt 17.0.6

CVE-2024-3035
CVE-2024-6356
CVE-2024-5423
CVE-2024-4210
CVE-2024-2800
CVE-2024-6329
CVE-2024-4207
CVE-2024-3958
CVE-2024-4784
CVE-2024-3114
CVE-2024-7586
https://about.gitlab.com/releases/2024/08/07/patch-release-gitlab-17-2-2-released/