Vulnerabilities > Gitlab > Gitlab > 14.8.4

DATE CVE VULNERABILITY TITLE RISK
2022-04-04 CVE-2022-1174 Improper Validation of Specified Quantity in Input vulnerability in Gitlab
A potential DoS vulnerability was discovered in Gitlab CE/EE versions 13.7 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to trigger high CPU usage via a special crafted input added in Issues, Merge requests, Milestones, Snippets, Wiki pages, etc.
network
low complexity
gitlab CWE-1284
7.5
7.5
2022-04-04 CVE-2022-1175 Cross-site Scripting vulnerability in Gitlab
Improper neutralization of user input in GitLab CE/EE versions 14.4 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 allowed an attacker to exploit XSS by injecting HTML in notes.
network
gitlab CWE-79
4.3
4.3
2022-04-04 CVE-2022-1185 Out-of-bounds Write vulnerability in Gitlab
A denial of service vulnerability when rendering RDoc files in GitLab CE/EE versions 10 to 14.7.7, 14.8.0 to 14.8.5, and 14.9.0 to 14.9.2 allows an attacker to crash the GitLab web application with a maliciously crafted RDoc file
network
low complexity
gitlab CWE-787
6.5
6.5
2022-04-04 CVE-2022-1188 Server-Side Request Forgery (SSRF) vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.1 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 where a blind SSRF attack through the repository mirroring feature was possible.
network
low complexity
gitlab CWE-918
5.0
5.0
2022-04-04 CVE-2022-1189 Unspecified vulnerability in Gitlab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.2 before 14.7.7, all versions starting from 14.8 before 14.8.5, all versions starting from 14.9 before 14.9.2 that allowed for an unauthorised user to read the the approval rules of a private project.
network
low complexity
gitlab
4.0
4.0
2022-04-04 CVE-2022-1190 Cross-site Scripting vulnerability in Gitlab
Improper handling of user input in GitLab CE/EE versions 8.3 prior to 14.7.7, 14.8 prior to 14.8.5, and 14.9 prior to 14.9.2 allowed an attacker to exploit a stored XSS by abusing multi-word milestone references in issue descriptions, comments, etc.
network
gitlab CWE-79
3.5
3.5
2021-06-24 CVE-2021-32823 In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability.
network
high complexity
bindata-project gitlab
3.7
3.7