Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Validation of Specified Type of Input in GitLab
Vulnerability Description
An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
CWE-1287
Vulnerability Title
GitLab Enterprise Edition 安全漏洞
Vulnerability Description
GitLab Enterprise Edition(EE)是美国GitLab公司的一套内容管理系统。 GitLab Enterprise Edition存在安全漏洞,该漏洞源于输入验证问题,允许经过身份验证的攻击者制作绕过资产代理的图像url。
CVSS Information
N/A
Vulnerability Type
N/A