FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2025-01-25 14:24:43 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
f848ef90-1848-11ef-9850-001b217b3468	Gitlab -- Vulnerabilities Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS vulnerability in the 'description' field of the runner CSRF via K8s cluster-integration Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match Redos on wiki render API/Page Resource exhaustion and denial of service with test_report API calls Guest user can view dependency lists of private projects through job artifacts Stored XSS via PDFjs Discovery 2024-05-22 Entry 2024-05-22 gitlab-ce gitlab-ee >= 17.0.0 lt 17.0.1 >= 16.11.0 lt 16.11.3 >= 11.11 lt 16.10.6 CVE-2024-4835 CVE-2024-2874 CVE-2023-7045 CVE-2023-6502 CVE-2024-1947 CVE-2024-4367 https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/

VuXML ID

Description

f848ef90-1848-11ef-9850-001b217b3468

Gitlab -- Vulnerabilities

Gitlab reports:

1-click account takeover via XSS in the code editor in gitlab.com

A DOS vulnerability in the 'description' field of the runner

CSRF via K8s cluster-integration

Using Set Pipeline Status of a Commit API incorrectly create a new pipeline when SHA and pipeline_id did not match

Redos on wiki render API/Page

Resource exhaustion and denial of service with test_report API calls

Guest user can view dependency lists of private projects through job artifacts

Stored XSS via PDFjs

Discovery 2024-05-22
Entry 2024-05-22
gitlab-ce
gitlab-ee

>= 17.0.0 lt 17.0.1

>= 16.11.0 lt 16.11.3

>= 11.11 lt 16.10.6

CVE-2024-4835
CVE-2024-2874
CVE-2023-7045
CVE-2023-6502
CVE-2024-1947
CVE-2024-4367
https://about.gitlab.com/releases/2024/05/22/patch-release-gitlab-17-0-1-released/