CVE-2021-39906

Summary

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.5, <14.2.6affected
GitLabGitLab>=14.3, <14.3.4affected
GitLabGitLab>=14.4, <14.4.1affected

Weaknesses

  • Improper neutralization of input during web page generation ('cross-site scripting') in GitLab

ADP Enrichment

CVE Program Container

Additional References

References