An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 before 16.2.8, 16.3 before 16.3.5, and 16.4 before 16.4.1, allowed an authenticated malicious user to craft image urls which bypass the asset proxy.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab |
||
gitlab gitlab 16.4.0 |