{"vulnerability": "cve-2020-2640", "sightings": [{"uuid": "da792bdb-fa8c-47c4-9dea-942327d9ee34", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20037", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T16:15:56.000000Z"}, {"uuid": "58538551-69f4-400e-9076-959aa9edbb21", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19998", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T14:41:31.000000Z"}, {"uuid": "e0feba95-37db-4141-810e-05b2210654df", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20114", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T17:25:21.000000Z"}, {"uuid": "9fd69369-af88-4c46-a91c-808866daebf3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20076", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T16:25:24.000000Z"}, {"uuid": "20a06c0b-7463-4ae4-b364-cbfb96b1760b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20056", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T16:24:12.000000Z"}, {"uuid": "44ee14f6-6f34-473e-8676-71a4b8977262", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19902", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:25:27.000000Z"}, {"uuid": "ca02dbbd-0cb4-4561-8c5b-3ba6828c12e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20170", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:24:12.000000Z"}, {"uuid": "8bbe429f-ceeb-4cb3-8f62-b31c799bcd90", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20132", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:04:56.000000Z"}, {"uuid": "b4a01b16-dfdd-4968-b9d9-ff583703f5e3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20018", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T15:25:20.000000Z"}, {"uuid": "fca988c3-7d13-4e30-91f2-2c594aee47b3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26405", "type": "seen", "source": "https://t.me/cibsecurity/17355", "content": "\u203c CVE-2020-26405 \u203c\n\nPath traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are &gt;=12.8, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-09T04:25:18.000000Z"}, {"uuid": "96534aab-5276-4229-b3e1-956f96caacd7", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18879", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:23:33.000000Z"}, {"uuid": "ed3dd5ba-7eae-46fb-a811-15ccec766d60", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26405", "type": "seen", "source": "https://t.me/cibsecurity/16471", "content": "\u203c CVE-2020-26405 \u203c\n\nPath traversal vulnerability in package upload functionality in GitLab CE/EE starting from 12.8 allows an attacker to save packages in arbitrary locations. Affected versions are &gt;=12.8, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-17T22:39:26.000000Z"}, {"uuid": "d368fd37-802a-4e3a-94bc-e31c1ce2fd09", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20229", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:34:19.000000Z"}, {"uuid": "c6fa7fd2-ef10-42e7-ad9e-6b38ff932aea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20152", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:11:04.000000Z"}, {"uuid": "6c481291-7743-4946-9745-1956aa4882a2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20094", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T16:35:24.000000Z"}, {"uuid": "aa62b4a5-c6bd-4aab-8219-4b89b46d62ab", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19034", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:25:14.000000Z"}, {"uuid": "18c5a31a-4576-4d7b-a7ef-77a64cc02f5b", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19072", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:40:50.000000Z"}, {"uuid": "604355e3-a040-4a70-94ff-ae8ca9321619", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19052", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:33:18.000000Z"}, {"uuid": "a0a9fef0-53bb-442d-b056-8a464fcc45f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19091", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:53:24.000000Z"}, {"uuid": "3b7eaa99-a85c-4b85-8c45-97ffba9f43b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19129", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:23:24.000000Z"}, {"uuid": "047aaa3d-086f-4b0c-9810-47680028c3cf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19110", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:04:22.000000Z"}, {"uuid": "7b293cf1-546a-400c-9a56-cd34c003002c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19014", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:23:44.000000Z"}, {"uuid": "6fc61b50-b707-415c-b8a1-5798c8fba272", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20210", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:31:17.000000Z"}, {"uuid": "44ddf752-2ee9-4397-95a3-8fd8b4ef18d8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/19149", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T18:25:18.000000Z"}, {"uuid": "ad4637d3-c0ae-4fa6-a7eb-6939e8690fee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/20190", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T18:25:12.000000Z"}, {"uuid": "512fb62d-0987-4a9b-b6ec-4f0700fb1d8d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19941", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T13:25:26.000000Z"}, {"uuid": "f3f75c0a-2e45-4794-b5c9-f1604e1d9421", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19978", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T14:35:21.000000Z"}, {"uuid": "1789a484-af84-4caf-ba23-94ea7ffddcbc", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19961", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T14:25:35.000000Z"}, {"uuid": "f5362e3a-9056-43f4-a1db-f3c114a8ae17", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19782", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:35:21.000000Z"}, {"uuid": "32b88641-6210-41d7-9a6e-84cfe5797ed1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19921", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T12:35:18.000000Z"}, {"uuid": "76b3587e-4917-4e41-8c38-6b3cda177aa4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19882", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T11:25:34.000000Z"}, {"uuid": "dbf82176-75b7-42e2-8c7c-0b38152f17f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19862", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T10:25:39.000000Z"}, {"uuid": "3154924c-4e2a-4349-9936-6daa8e24a1a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19842", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T09:25:34.000000Z"}, {"uuid": "7dea5298-2d24-4af6-866e-61a2066fd5f9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19822", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T08:25:39.000000Z"}, {"uuid": "9bb0bbb7-cec8-4e84-a696-12078b8575b5", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26409", "type": "seen", "source": "https://t.me/cibsecurity/19802", "content": "\u203c CVE-2020-26409 \u203c\n\nA DOS vulnerability exists in Gitlab CE/EE &gt;=10.3, &lt;13.4.7,&gt;=13.5, &lt;13.5.5,&gt;=13.6, &lt;13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-11T07:38:20.000000Z"}, {"uuid": "f864500e-f836-4f8c-8a77-6d630c58094c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18995", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T17:20:41.000000Z"}, {"uuid": "64ed4ceb-88ac-443d-891d-82a2bed7f79f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18976", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:25:15.000000Z"}, {"uuid": "bb4481ee-cf8a-4945-a8a5-fdf48918bfad", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18918", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:03:23.000000Z"}, {"uuid": "2dc928de-bbcc-472c-8a71-6c00aec6d0f6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18956", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:23:32.000000Z"}, {"uuid": "25a24c16-7370-4898-9b62-8773be913214", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18937", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T16:06:34.000000Z"}, {"uuid": "8c7fd446-d346-4830-baae-9a38acde6224", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18899", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T15:25:19.000000Z"}, {"uuid": "d3e8783d-638f-4103-9b8d-79af34ecde62", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18803", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:25:24.000000Z"}, {"uuid": "a9aacb1b-6725-42dd-96ed-ee94cc395ecf", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18860", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:53:29.000000Z"}, {"uuid": "7a10ef86-c8ff-4d22-b208-b6e9bee1e812", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18841", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:40:56.000000Z"}, {"uuid": "328bdd74-116c-4ea6-a13d-1fed01384ae2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18821", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:33:56.000000Z"}, {"uuid": "279f04bf-3b0a-4274-9064-a9b2be1d57a8", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18783", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T14:03:20.000000Z"}, {"uuid": "455d15e3-aea2-4546-8c22-97c60092b01c", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18764", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T13:25:29.000000Z"}, {"uuid": "6c902e09-63f4-4539-bf86-a3a2e0ba25e6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18744", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:41:14.000000Z"}, {"uuid": "446af038-ff1c-4f84-8ce5-8ea7a7f969ea", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26407", "type": "seen", "source": "https://t.me/cibsecurity/18724", "content": "\u203c CVE-2020-26407 \u203c\n\nA XSS vulnerability exists in Gitlab CE/EE from 12.4 before 13.4.7, 13.5 before 13.5.5, and 13.6 before 13.6.2 that allows an attacker to perform cross-site scripting to other users via importing a malicious project\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-12-10T12:33:50.000000Z"}, {"uuid": "78eb9021-dc9c-41ac-8451-3c2f5a627343", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-26406", "type": "seen", "source": "https://t.me/cibsecurity/16431", "content": "\u203c CVE-2020-26406 \u203c\n\nCertain SAST CiConfiguration information could be viewed by unauthorized users in GitLab EE starting with 13.3. This information was exposed through GraphQL to non-members of public projects with repository visibility restricted as well as guest members on private projects. Affected versions are: &gt;=13.3, &lt;13.3.9,&gt;=13.4, &lt;13.4.5,&gt;=13.5, &lt;13.5.2.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2020-11-17T07:38:38.000000Z"}]}