Vulnerabilities > Gitlab > Gitlab > 9.5.10

DATE CVE VULNERABILITY TITLE RISK
2018-03-21 CVE-2017-0916 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.3 is vulnerable to a lack of input validation in the system_hook_push queue through web hook component resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
7.5
2018-03-21 CVE-2017-0915 Improper Input Validation vulnerability in Gitlab
Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
network
low complexity
gitlab debian CWE-20
7.5
7.5
2018-03-21 CVE-2017-0914 SQL Injection vulnerability in Gitlab
Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.
network
low complexity
gitlab CWE-89
5.0
5.0