CVE-2017-8778

Опубликовано: 04 мая 2017

Источник: ubuntu

Приоритет: medium

CVSS2: 4.3

CVSS3: 6.1

Описание

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

Релиз	Статус	Примечание
artful	ignored	end of life
bionic	DNE
cosmic	DNE
devel	DNE
disco	DNE
esm-apps/xenial	not-affected	doesn't support svg images
esm-infra-legacy/trusty	DNE
precise	DNE
precise/esm	DNE
trusty	DNE

Показывать по

Ссылки на источники

4.3 Medium

CVSS2

6.1 Medium

CVSS3

Связанные уязвимости

CVE-2017-8778

CVSS3: 6.1

nvd

больше 8 лет назад

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

CVE-2017-8778

CVSS3: 6.1

debian

больше 8 лет назад

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 h ...

GHSA-4rph-jr9g-hq9q

CVSS3: 6.1

github

около 3 лет назад

GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.

4.3 Medium

CVSS2

6.1 Medium

CVSS3

CVE-2017-8778

Описание

Пакет gitlab

Ссылки на источники

Связанные уязвимости