Опубликовано: 04 мая 2017
Источник: ubuntu
Приоритет: medium
EPSS Низкий
CVSS2: 4.3
CVSS3: 6.1
Описание
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | DNE | |
| cosmic | DNE | |
| devel | DNE | |
| disco | DNE | |
| esm-apps/xenial | not-affected | doesn't support svg images |
| esm-infra-legacy/trusty | DNE | |
| precise | DNE | |
| precise/esm | DNE | |
| trusty | DNE |
Показывать по
10
EPSS
Процентиль: 22%
0.00074
Низкий
4.3 Medium
CVSS2
6.1 Medium
CVSS3
Связанные уязвимости
CVSS3: 6.1
nvd
почти 9 лет назад
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
CVSS3: 6.1
debian
почти 9 лет назад
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...
CVSS3: 6.1
github
больше 3 лет назад
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
EPSS
Процентиль: 22%
0.00074
Низкий
4.3 Medium
CVSS2
6.1 Medium
CVSS3