TEMP-0900522-A18AAE

NameTEMP-0900522-A18AAE
Descriptiongitlab: include directive in .gitlab-ci.yml allows SSRF requests
SourceAutomatically generated temporary name. Not for external reference.
Debian Bugs900522

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gitlab (PTS)buster/contrib11.4.9+dfsg-2fixed
stretch (security)8.13.11+dfsg1-8+deb9u3fixed
sid11.5.4+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gitlabsource(unstable)10.7.7+dfsg-2900522
gitlabsourceexperimental10.7.5+dfsg-1
gitlabsourcestretch(not affected)

Notes

[stretch] - gitlab <not-affected> (Introduced in 10.5)
https://about.gitlab.com/2018/05/29/security-release-gitlab-10-dot-8-dot-2-released/

Search for package or bug name: Reporting problems