Description
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
References
- Vendor Advisory
- Exploit, Issue Tracking, Patch, Vendor Advisory
- Vendor Advisory
- Exploit, Issue Tracking, Patch, Vendor Advisory
Vulnerable configurations
Configuration 1: versions from 1.11.0 (inclusive) up to 3.0.32 (exclusive)
cpe:2.3:a:gitlab:dynamic_application_security_testing_analyzer:*:*:*:*:*:*:*:*
EPSS: 0.00199 (Low), percentile: 42%
CVSS3: 7.7 High
CVSS3: 6.5 Medium
Weaknesses
NVD-CWE-noinfo
CWE-20
Related vulnerabilities
CVSS3: 7.7
ubuntu
almost 3 years ago
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.
CVSS3: 7.7
debian
almost 3 years ago
Missing validation in DAST analyzer affecting all versions from 1.11.0 ...
CVSS3: 6.5
github
almost 3 years ago
Missing validation in DAST analyzer affecting all versions from 1.11.0 prior to 3.0.32, allows custom request headers to be sent with every request, regardless of the host.