CVE-2023-5512

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-5512

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-5512.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-5512

Aliases

BIT-gitlab-2023-5512

Related

UBUNTU-CVE-2023-5512

Published

2023-12-15T16:15:46Z

Modified

2024-10-11T08:28:52Z

Severity

5.7 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

3dfd4e0bcc7eae4330e7fed87ec74bee9a8bdf2d

Fixed

67af793e55bd098111d3c3e265cd2c92eb283f1c