Web Application Firewall

Multiple vulnerabilities reported in GitLab EE

Overview :

Affected Product(s) :

Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Vulnerability Details :

CVE ID :

CVE-2020-13348

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

CVE ID :

CVE-2020-13349

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Solution :

This vulnerability is currently awaiting analysis.

Multiple vulnerabilities reported in GitLab EE

Recent Posts

Latest Spring Vulnerabilities Exploitation – CVE-2022-22965

10+ Best Free SSL Certificate Providers 2023

Latest Spring Vulnerabilities Exploitation – CVE-2022-22965

Follow Us

zzcms 2018 template_user.php ml/title code injection

ZyXEL VPN2S 1.12 Web Server path traversal

Zyxel VPN2S 1.12 CGI Program os command injection

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

Zynamics BinDiff up to 6 i64 File use after free

Web Application Firewall Solution

CVE-2022-22486 : IBM TIVOLI WORKLOAD SCHEDULER 9.4/9.5/10.1 XML EXTERNAL ENTITY REFERENCE

CVE-2023-24997 : APACHE INLONG UP TO 1.5.0 DESERIALIZATION

CVE-2022-37708 : DOCKER 20.10.15 BUILD FD82621 PERMISSION