Web Application Firewall

Multiple vulnerabilities reported in GitLab EE

Overview :

Affected Product(s) :

Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Vulnerability Details :

CVE ID :

CVE-2020-13348

An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are >=10.2, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

CVE ID :

CVE-2020-13349

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Solution :

This vulnerability is currently awaiting analysis.

Sign up for our Newsletter

Click edit button to change this text. Lorem ipsum dolor sit amet, consectetur adipiscing elit

Multiple vulnerabilities reported in GitLab EE

Recent Posts

Container Runtime Protection

Threats to Containers

The Need for Container Security

Follow Us

zzcms 2018 template_user.php ml/title code injection

ZyXEL VPN2S 1.12 Web Server path traversal

Zyxel VPN2S 1.12 CGI Program os command injection

Zyxel USG/USG Flex/Zywall/ATP/VPN up to 4.64 Web-based Management Interface improper authentication

ZyXEL GS1900-8 2.60 LLDP Packet cross site scripting

Zynamics BinDiff up to 6 i64 File use after free

Web Application Firewall Solution

Sign up for our Newsletter