CVE-2019-5464

Summary

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the url_blocker.rb which could result in SSRF where the library is utilized.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab CE/EEAffects GitLab CE/EE 10.2 and lateraffected
GitLabGitLab CE/EEFixed in 12.1.2 in 12.0.4 and in 11.11.6affected

Weaknesses

  • CWE-20: Improper Input Validation (CWE-20)

ADP Enrichment

CVE Program Container

Additional References

References