CVE-2021-39946

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-39946
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39946.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-39946
Aliases
Related
Published
2022-01-18T17:15:08Z
Modified
2024-10-12T08:50:25.052093Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
dec73e99fddac59c0bf816dc4bffd2a30abae6de
Fixed
057790c613dea428aa523357c333ced5433794ee

Affected versions

v14.*

v14.3.0-ee
v14.3.1-ee
v14.3.2-ee
v14.3.3-ee
v14.3.4-ee
v14.3.5-ee