Vulnerabilities > Gitlab > Gitlab > 8.4.10

DATE CVE VULNERABILITY TITLE RISK
2017-08-14 CVE-2017-12426 Improper Input Validation vulnerability in Gitlab
GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
network
low complexity
gitlab CWE-20
8.8
8.8
2017-05-04 CVE-2017-8778 Cross-site Scripting vulnerability in Gitlab
GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5 has XSS via a SCRIPT element in an issue attachment or avatar that is an SVG document.
network
gitlab CWE-79
4.3
4.3
2017-03-28 CVE-2017-0882 Information Exposure vulnerability in Gitlab
Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request.
network
low complexity
gitlab CWE-200
4.0
4.0