CVE-2017-0923

Summary

Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab Community and Enterprise Editions9.1.0 - 10.1.5 Fixed in 10.1.6affected
GitLabGitLab Community and Enterprise Editions10.2.0 - 10.2.5 Fixed in 10.2.6affected
GitLabGitLab Community and Enterprise Editions10.3.0 - 10.3.3 Fixed in 10.3.4affected

Weaknesses

  • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') (CWE-79)

ADP Enrichment

CVE Program Container

Additional References

References