Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
Vulnerability Description
GitLab has remediated an issue in GitLab EE affecting all versions from 17.8 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker to leak sensitive information from confidential issues by injecting hidden prompts into merge request comments.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Vulnerability Type
在命令中使用的特殊元素转义处理不恰当(命令注入)
Vulnerability Title
GitLab 命令注入漏洞
Vulnerability Description
GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab EE 17.8版本至18.3.6之前版本、18.4版本至18.4.4之前版本和18.5版本至18.5.2之前版本存在命令注入漏洞,该漏洞源于合并请求评论中的隐藏提示注入,可能导致敏感信息泄露。
CVSS Information
N/A
Vulnerability Type
N/A