FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
174e466b-1d48-11eb-bd0f-001b217b3468Gitlab -- Multiple vulnerabilities

Gitlab reports:

Path Traversal in LFS Upload

Path traversal allows saving packages in arbitrary location

Kubernetes agent API leaks private repos

Terraform state deletion API exposes object storage URL

Stored-XSS in error message of build-dependencies

Git credentials persisted on disk

Potential Denial of service via container registry

Info leak when group is transferred from private to public group

Limited File Disclosure Via Multipart Bypass

Unauthorized user is able to access scheduled pipeline variables and values

CSRF in runner administration page allows an attacker to pause/resume runners

Regex backtracking attack in path parsing of Advanced Search result

Bypass of required CODEOWNERS approval

SAST CiConfiguration information visible without permissions


Discovery 2020-11-02
Entry 2020-11-02
gitlab-ce
ge 13.5.0 lt 13.5.2

ge 13.4.0 lt 13.4.5

ge 8.8.9 lt 13.3.9

https://about.gitlab.com/releases/2020/11/02/security-release-gitlab-13-5-2-released/
CVE-2020-13355
CVE-2020-26405
CVE-2020-13358
CVE-2020-13359
CVE-2020-13340
CVE-2020-13353
CVE-2020-13354
CVE-2020-13352
CVE-2020-13356
CVE-2020-13351
CVE-2020-13350
CVE-2020-13349
CVE-2020-13348