Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
Missing sanitization of HTML attributes in Jupyter notebooks in all versions of GitLab CE/EE since version 14.5 allows an attacker to perform arbitrary HTTP POST requests on a user's behalf, leading to potential account takeover.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
N/A
Vulnerability Title
GitLab Enterprise Edition and GitLab Community Edition Cross-Site Request Forgery Vulnerability
Vulnerability Description
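GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community edition of GitLab from the US company GitLab. GitLab Enterprise Edition and GitLab Community Edition contain a cross-site request forgery vulnerability that stems from insufficient handling of user-supplied data in Jupyter notebooks. A remote authenticated attacker can exploit the vulnerability by tricking a victim into following a specially crafted link, executing arbitrary HTML and script code in the user's browser in the context of the vulnerable website.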
CVSS Information
N/A
Vulnerability Type
N/A