GitLab Version Control Server
Known Exploited GitLab Vulnerabilities
The following GitLab vulnerabilities have been marked by CISA as Known to be Exploited by threat actors.
| Title | Description | Added |
|---|---|---|
| GitLab Server-Side Request Forgery (SSRF) Vulnerability | GitLab contains a server-side request forgery (SSRF) vulnerability when requests to the internal network for webhooks are enabled. CVE-2021-22175. Exploit Probability: 74.1% | February 18, 2026 |
| GitLab Community and Enterprise Editions Server-Side Request Forgery (SSRF) Vulnerability | GitLab Community and Enterprise Editions contain a server-side request forgery vulnerability which could allow unauthorized external users to perform Server Side Requests via the CI Lint API. CVE-2021-39935. Exploit Probability: 54.3% | February 3, 2026 |
| GitLab Community and Enterprise Editions Improper Access Control Vulnerability | GitLab Community and Enterprise Editions contain an improper access control vulnerability. This allows an attacker to trigger password reset emails to be sent to an unverified email address to ultimately facilitate an account takeover. CVE-2023-7028. Exploit Probability: 93.5% | May 1, 2024 |
The vulnerability CVE-2023-7028: GitLab Community and Enterprise Editions Improper Access Control Vulnerability is in the top 1% of the currently known exploitable vulnerabilities. 2 known exploited GitLab vulnerabilities are in the top 5% (95th percentile or greater) of the EPSS exploit probability rankings.
By the Year
In 2026 there have been 54 vulnerabilities in GitLab with an average score of 6.0 out of ten. Last year, in 2025, GitLab had 162 security vulnerabilities published. If vulnerabilities keep coming in at the current rate, the number of security vulnerabilities in GitLab in 2026 could surpass last year's number. Last year, the average CVE base score was greater by 0.08.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 54 | 6.02 |
| 2025 | 162 | 6.09 |
| 2024 | 147 | 6.32 |
| 2023 | 183 | 5.65 |
| 2022 | 152 | 5.75 |
| 2021 | 157 | 5.44 |
| 2020 | 237 | 6.15 |
| 2019 | 165 | 6.33 |
| 2018 | 33 | 6.71 |
It may take a day or so for new GitLab vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent GitLab Security Vulnerabilities
| CVE | Date | Vulnerability |
|---|---|---|
| CVE-2026-1182 | Mar 12, 2026 | GitLab Unauthorized Issue Title Exposure (<=18.7.5, <=18.8.5, <=18.9.1). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.14 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to gain unauthorized access to confidential issue titles created in public projects under certain circumstances. |
| CVE-2025-12555 | Mar 11, 2026 | GitLab CE/EE auth bypass, pipeline info disclosure <18.7.6/18.8.6/18.9.2. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.1 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that, under certain conditions, could have allowed an authenticated user to access previous pipeline job information on projects with repository and CI/CD disabled due to improper authorization checks. |
| CVE-2025-12576 | Mar 11, 2026 | GitLab CE/EE Webhook DoS (<18.7.6, <18.8.6, <18.9.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.3 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that under certain conditions could have allowed an authenticated user to cause a denial of service due to improper handling of webhook response data. |
| CVE-2025-12697 | Mar 11, 2026 | GitLab CE/EE <=18.9.2 Exposes Datadog API Credentials (Maintainer Auth). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.5 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with maintainer-role permissions to reveal Datadog API credentials under certain conditions. |
| CVE-2025-12704 | Mar 11, 2026 | GitLab EE: Improper Auth to Access Virtual Registry before 18.7.6 / 18.8.6 / 18.9.2. GitLab has remediated an issue in GitLab EE affecting all versions from 18.2 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to access Virtual Registry data in groups where they are not members due to improper authorization under certain conditions. |
| CVE-2025-13690 | Mar 11, 2026 | GitLab DoS via webhook custom headers (v16.11-18.9). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause a denial of service condition due to improper input validation on webhook custom header names under certain conditions. |
| CVE-2025-13929 | Mar 11, 2026 | GitLab DoS via archive endpoint requests 10.0-18.9.2. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by issuing specially crafted requests to repository archive endpoints under certain conditions. |
| CVE-2025-14513 | Mar 11, 2026 | GitLab Unauth DoS via JSON Payloads v18.7.6/18.8.6/18.9.2. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service condition due to improper input validation when processing specially crafted JSON payloads in the protected branches API. |
| CVE-2026-0602 | Mar 11, 2026 | GitLab CE/EE Metadata Disclosure via Snippet Rendering (15.6-18.9.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose metadata from private issues, merge requests, epics, milestones, or commits due to improper filtering in the snippet rendering process under certain circumstances. |
| CVE-2026-1069 | Mar 11, 2026 | GitLab GraphQL Recursion DoS (CE/EE) <18.9.2. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.9 before 18.9.2 that could have allowed an unauthenticated user to cause a denial of service by sending specially crafted GraphQL requests due to uncontrolled recursion under certain circumstances. |
| CVE-2026-1090 | Mar 11, 2026 | Authenticated XSS via markdown_placeholders in GitLab CE/EE (v10.6-18.9.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user, when the `markdown_placeholders` feature flag was enabled, to inject JavaScript in a browser due to improper sanitization of placeholder content in markdown processing. |
| CVE-2026-1230 | Mar 11, 2026 | GitLab CE/EE: Authenticated Repo Download Code Divergence (before 18.9.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 1.0 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to cause repository downloads to contain different code than displayed in the web interface due to incorrect validation of branch references under certain circumstances. |
| CVE-2026-1663 | Mar 11, 2026 | GitLab CE/EE Grp Imp Auth Allows Label Creation in Priv. Projects (v14.4-18.9). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user with group import permissions to create labels in private projects due to improper authorization validation in the group import process under certain circumstances. |
| CVE-2026-1732 | Mar 11, 2026 | GitLab CE/EE Auth Discovery Vulnerability (12.6-18.9.x). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.6 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to disclose confidential issue titles due to improper filtering under certain circumstances. |
| CVE-2026-3848 | Mar 11, 2026 | GitLab CE/EE: Authenticated Proxy Request via Import (18.7.6/18.8.6/18.9.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.11 before 18.7.6, 18.8 before 18.8.6, and 18.9 before 18.9.2 that could have allowed an authenticated user to make unintended internal requests through proxy environments under certain conditions due to improper input validation in import functionality. |
| CVE-2025-14511 | Feb 25, 2026 | GitLab CE/EE Denial of Service via Registry Event Endpoint (<=18.9.1). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause denial of service by sending specially crafted files to the container registry event endpoint under certain conditions. |
| CVE-2026-0752 | Feb 25, 2026 | GitLab CE/EE <18.9.1: Unauth Script Injection via Mermaid UI. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 16.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain circumstances, could have allowed an unauthenticated user to inject arbitrary scripts into the Mermaid sandbox UI. |
| CVE-2026-1388 | Feb 25, 2026 | GitLab CE/EE ReDoS via MR pre 18.9.1. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause regular expression denial of service by sending specially crafted input to a merge request endpoint under certain conditions. |
| CVE-2026-1662 | Feb 25, 2026 | GitLab CE/EE Jira Events DoS (18.7.5/18.8.5/18.9.1). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 14.4 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthenticated user to cause Denial of Service by sending specially crafted requests to the Jira events endpoint. |
| CVE-2026-1747 | Feb 25, 2026 | GitLab EE <18.7.5/18.8.5/18.9.1: Devs alter protected Conan packages. GitLab has remediated an issue in GitLab EE affecting all versions from 17.11 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that, under certain conditions, could have allowed Developer-role users with insufficient privileges to make unauthorized modifications to protected Conan packages. |
| CVE-2026-1725 | Feb 25, 2026 | GitLab CE/EE: Unauth DoS via CI Jobs API (before 18.9.1). GitLab has remediated an issue in GitLab CE/EE affecting versions from 18.9 before 18.9.1 that could have, under certain conditions, allowed an unauthenticated user to cause denial of service by sending specially crafted requests to a CI jobs API endpoint. |
| CVE-2026-2845 | Feb 25, 2026 | GitLab CE/EE DoS via Bitbucket Import Endpoint (before 18.9.1). An issue has been discovered in GitLab CE/EE affecting all versions from 11.2 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an authenticated user to cause denial of service by exploiting a Bitbucket Server import endpoint via repeatedly sending large responses. |
| CVE-2025-3525 | Feb 25, 2026 | GitLab CE/EE DoS via crafted CI API triggers (v9.0 - 18.9.*). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 9.0 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have, under certain circumstances, allowed an authenticated user with certain access to cause Denial of Service by creating specially crafted CI triggers via the API. |
| CVE-2025-14103 | Feb 25, 2026 | GitLab CE/EE Unauthorized Pipeline Variable Set for Manual Jobs (v17.7-18.9). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.7.5, 18.8 before 18.8.5, and 18.9 before 18.9.1 that could have allowed an unauthorized user with Developer-role permissions to set pipeline variables for manually triggered jobs under certain conditions. |
| CVE-2025-7659 | Feb 11, 2026 | Unauthenticated Token Theft via GitLab Web IDE 18.2-18.8 (pre-18.6.6/18.7.4/18.8.4). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to steal tokens and access private repositories by abusing incomplete validation in the Web IDE. |
| CVE-2025-8099 | Feb 11, 2026 | GitLab CE/EE <18.6.6/18.7.4/18.8.4: Unauth DoS via GraphQL. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.8 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by sending repeated GraphQL queries. |
| CVE-2025-12073 | Feb 11, 2026 | GitLab SSRF via Import API (v18.0-18.6.5, v18.7-18.7.3, v18.8-18.8.3). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform server-side request forgery against internal services by bypassing protections in the Git repository import functionality. |
| CVE-2025-12575 | Feb 11, 2026 | GitLab EE 18.x internal network request flaw before 18.8.4. GitLab has remediated an issue in GitLab EE affecting all versions from 18.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user with certain permissions to make unauthorized requests to internal network services through the GitLab server. |
| CVE-2025-14560 | Feb 11, 2026 | Unauth Action Exploit in GitLab CE/EE before v18.7.4 via Code Flow Injection. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized actions on behalf of another user by injecting malicious content into vulnerability code flow. |
| CVE-2025-14594 | Feb 11, 2026 | GitLab API Disclosure of Pipeline Values (before 18.6.6/18.7.4/18.8.4). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.11 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to view certain pipeline values by querying the API. |
| CVE-2025-14592 | Feb 11, 2026 | GitLab Auth PE via GraphQL API (CVE-2025-14592) before 18.6.6/18.7.4/18.8.4. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to perform unauthorized operations by submitting GraphQL mutations through the GLQL API endpoint. |
| CVE-2026-0595 | Feb 11, 2026 | GitLab CE/EE HTML Injection Allows Unauthorized Email Additions (CVE-2026-0595). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.9 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to add unauthorized email addresses to victim accounts through HTML injection in test case titles. |
| CVE-2026-0958 | Feb 11, 2026 | GitLab 18.4-18.6.5/18.7-18.7.3/18.8-18.8.3: Unauth DoS via JSON Validation Bypass. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.4 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through memory or CPU exhaustion by bypassing JSON validation middleware limits. |
| CVE-2026-1080 | Feb 11, 2026 | GitLab EE <=18.6.6 Auth. Access to Private Iterations API. GitLab has remediated an issue in GitLab EE affecting all versions from 16.7 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an authenticated user to access iteration data from private descendant groups by querying the iterations API endpoint. |
| CVE-2026-1094 | Feb 11, 2026 | GitLab CE/EE <18.8.4: Authenticated Devs Hide File Changes via WebUI. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.8 before 18.8.4 that could have allowed an authenticated developer to hide specially crafted file changes from the WebUI. |
| CVE-2026-1282 | Feb 11, 2026 | GitLab 18.6-18.8 Authenticated Label Title Injection. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to inject malicious content into project label titles. |
| CVE-2026-1387 | Feb 11, 2026 | GitLab EE DoS via Malicious GraphQL File Upload (15.6-18.6.6, 18.7-18.7.4, 18.8-18.8.4). GitLab has remediated an issue in GitLab EE affecting all versions from 15.6 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an authenticated user to cause Denial of Service by uploading a malicious file and repeatedly querying it through GraphQL. |
| CVE-2026-1456 | Feb 11, 2026 | GitLab CE/EE 18.7-18.8.4 DoS via Markdown Exponential CPU. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.7 before 18.7.4, and 18.8 before 18.8.4 that could have allowed an unauthenticated user to cause denial of service through CPU exhaustion by submitting specially crafted markdown files that trigger exponential processing in markdown preview. |
| CVE-2026-1458 | Feb 11, 2026 | GitLab Denial of Service via malicious file upload (before 18.8.4). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.0 before 18.6.6, 18.7 before 18.7.4, and 18.8 before 18.8.4 that, under certain conditions, could have allowed an unauthenticated user to cause denial of service by uploading malicious files. |
| CVE-2026-1868 | Feb 09, 2026 | GitLab AI Gateway 18.1.6-18.8.0 Duo Workflow RCE via insecure template expansion. GitLab has remediated a vulnerability in the Duo Workflow Service component of GitLab AI Gateway affecting all versions of the AI Gateway from 18.1.6, 18.2.6, 18.3.1 to 18.6.1, 18.7.0, and 18.8.0 in which AI Gateway was vulnerable to insecure template expansion of user supplied data via crafted Duo Agent Platform Flow definitions. This vulnerability could be used to cause Denial of Service or gain code execution on the Gateway. This has been fixed in versions 18.6.2, 18.7.1, and 18.8.1 of the GitLab AI Gateway. |
| CVE-2026-1751 | Feb 02, 2026 | GitLab CE/EE 18.4: Merge Request Approval Rule Edit Authorization Flaw. A vulnerability has been discovered in GitLab CE/EE affecting all versions starting with 16.8 before 18.5.0 that could have allowed unauthorized edits to merge request approval rules under certain conditions. |
| CVE-2025-13928 | Jan 22, 2026 | GitLab CE/EE: Unauth DoS via API auth bypass (pre-18.6.4). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.7 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to cause a denial of service condition by exploiting incorrect authorization validation in API endpoints. |
| CVE-2025-13927 | Jan 22, 2026 | GitLab CE/EE DoS via Malformed Auth Data in 11.9-18.6.4. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 11.9 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending crafted requests with malformed authentication data. |
| CVE-2026-0723 | Jan 22, 2026 | GitLab CE/EE 18.x TFA Bypass via Forged Device Resp (v<18.6.4/18.7.2/18.8.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.6 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an individual with existing knowledge of a victim's credential ID to bypass two-factor authentication by submitting forged device responses. |
| CVE-2026-1102 | Jan 22, 2026 | GitLab CE/EE <18.8.2 DoS via Malformed SSH Auth. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 12.3 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that could have allowed an unauthenticated user to create a denial of service condition by sending repeated malformed SSH authentication requests. |
| CVE-2025-13335 | Jan 22, 2026 | Auth DoS via Malformed Wiki Docs in GitLab 17.1-18.8 (18.6.4/18.7.2/18.8.2). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 17.1 before 18.6.4, 18.7 before 18.7.2, and 18.8 before 18.8.2 that under certain circumstances could have allowed an authenticated user to create a denial of service condition by configuring malformed Wiki documents that bypass cycle detection. |
| CVE-2025-11224 | Jan 14, 2026 | GitLab CE/EE 18.5.2 Auth-required XSS via K8s Proxy. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 15.10 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to execute stored cross-site scripting through improper input validation in the Kubernetes proxy functionality. |
| CVE-2025-3950 | Jan 09, 2026 | GitLab asset proxy bypass leaking info before 18.5.5/18.6.3/18.7.1. GitLab has remediated an issue in GitLab CE/EE affecting all versions from 10.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed a user to leak certain information by referencing specially crafted images that bypass asset proxy protection. |
| CVE-2025-9222 | Jan 09, 2026 | GitLab CE/EE XSS via GFM (before 18.5.5 / 18.6.3 / 18.7.1). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.2.2 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to achieve stored cross-site scripting by exploiting GitLab Flavored Markdown. |
| CVE-2025-10569 | Jan 09, 2026 | GitLab DoS via crafted API responses (v8.3-18.5.4, 18.6-18.6.2, 18.7-18.7.0). GitLab has remediated an issue in GitLab CE/EE affecting all versions from 8.3 before 18.5.5, 18.6 before 18.6.3, and 18.7 before 18.7.1 that could have allowed an authenticated user to create a denial of service condition by providing crafted responses to external API calls. |