FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

GitLab -- multiple vulnerabilities

Affected packages
13.7.0 <= gitlab-ce < 13.7.2
13.6.0 <= gitlab-ce < 13.6.4
12.2 <= gitlab-ce < 13.5.6

Details

VuXML ID a2a2b34d-52b4-11eb-87cb-001b217b3468
Discovery 2021-01-07
Entry 2021-01-09

GitLab reports:

Ability to steal a user's API access token through GitLab Pages

Prometheus denial of service via HTTP request with custom method

Unauthorized user is able to access private repository information under specific conditions

Regular expression denial of service in NuGet API

Regular expression denial of service in package uploads

Update curl dependency

CVE-2019-3881 mitigation

References

CVE Name CVE-2019-3881
CVE Name CVE-2020-26414
CVE Name CVE-2021-22166
URL https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/