FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
8657eedd-b423-11ec-9559-001b217b3468Gitlab -- multiple vulnerabilities

Gitlab reports:

Static passwords inadvertently set during OmniAuth-based registration

Stored XSS in notes

Stored XSS on Multi-word milestone reference

Denial of service caused by a specially crafted RDoc file

GitLab Pages access tokens can be reused on multiple domains

GitLab Pages uses default (disabled) server Timeouts and a weak TCP Keep-Alive timeout

Incorrect include in pipeline definition exposes masked CI variables in UI

Regular expression denial of service in release asset link

Latest Commit details from private projects leaked to guest users via Merge Requests

CI/CD analytics are available even when public pipelines are disabled

Absence of limit for the number of tags that can be added to a runner can cause performance issues

Client DoS through rendering crafted comments

Blind SSRF Through Repository Mirroring

Bypass of branch restriction in Asana integration

Readable approval rules by Guest user

Redact InvalidURIError error messages

Project import maps members' created_by_id users based on source user ID


Discovery 2022-03-31
Entry 2022-04-04
gitlab-ce
ge 14.9.0 lt 14.9.2

ge 14.8.0 lt 14.8.5

ge 0 lt 14.7.7

CVE-2022-1162
CVE-2022-1175
CVE-2022-1190
CVE-2022-1185
CVE-2022-1148
CVE-2022-1121
CVE-2022-1120
CVE-2022-1100
CVE-2022-1193
CVE-2022-1105
CVE-2022-1099
CVE-2022-1174
CVE-2022-1188
CVE-2022-0740
CVE-2022-1189
CVE-2022-1157
CVE-2022-1111
https://about.gitlab.com/releases/2022/03/31/critical-security-release-gitlab-14-9-2-released/