Most recent comments.

Most recent comments. https://db.gcve.eu Contains only the most 10 recent comments. http://www.rssboard.org/rss-specification python-feedgen en Thu, 21 May 2026 16:42:54 +0000 More details from the vendor https://db.gcve.eu/comment/af885327-bc8d-4e07-9ea5-a86cda87beb0 - GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9 - [https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/](https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/) Run pipelines on arbitrary branches An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. This is a critical severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, 9.6). It is now mitigated in the latest release and is assigned CVE-2024-9164. - GitLab Critical Patch Release: 17.4.2, 17.3.5, 17.2.9 - [https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/](https://about.gitlab.com/releases/2024/10/09/patch-release-gitlab-17-4-2-released/) Run pipelines on arbitrary branches An issue was discovered in GitLab EE affecting all versions starting from 12.5 prior to 17.2.9, starting from 17.3, prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows running pipelines on arbitrary branches. This is a critical severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N, 9.6). It is now mitigated in the latest release and is assigned CVE-2024-9164. https://db.gcve.eu/comment/af885327-bc8d-4e07-9ea5-a86cda87beb0 Fri, 11 Oct 2024 12:22:18 +0000 Possible commit of the patch https://db.gcve.eu/comment/62ceedbe-65b3-4d7b-ab79-6c0240b18d71 From a quick analysis comparing the previous tag and the information found in the the changelog: `[Do not create a pipeline on MR refresh if source branch was deleted](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3dd89a71b436e8218a5d159a1dd75cb2de078129) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4524))` the fix of this vuln seems to be: https://gitlab.com/gitlab-org/gitlab/-/commit/480d0bd7ccdca6f93ff715abcd6c2fa7a9bebec2 From a quick analysis comparing the previous tag and the information found in the the changelog: `[Do not create a pipeline on MR refresh if source branch was deleted](https://gitlab.com/gitlab-org/security/gitlab/-/commit/3dd89a71b436e8218a5d159a1dd75cb2de078129) ([merge request](https://gitlab.com/gitlab-org/security/gitlab/-/merge_requests/4524))` the fix of this vuln seems to be: https://gitlab.com/gitlab-org/gitlab/-/commit/480d0bd7ccdca6f93ff715abcd6c2fa7a9bebec2 https://db.gcve.eu/comment/62ceedbe-65b3-4d7b-ab79-6c0240b18d71 Fri, 11 Oct 2024 12:46:48 +0000