FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2026-03-07 08:40:34 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
589de937-343f-11ef-8a7b-001b217b3468	Gitlab -- Vulnerabilities Gitlab reports: Run pipelines as any user Stored XSS injected in imported project's commit notes CSRF on GraphQL API IntrospectionQuery Remove search results from public projects with unauthorized repos Cross window forgery in user application OAuth flow Project maintainers can bypass group's merge request approval policy ReDoS via custom built markdown page Private job artifacts can be accessed by any user Security fixes for banzai pipeline ReDoS in dependency linker Denial of service using a crafted OpenAPI file Merge request title disclosure Access issues and epics without having an SSO session Non project member can promote key results to objectives Discovery 2024-06-26 Entry 2024-06-27 gitlab-ce gitlab-ee >= 17.1.0 lt 17.1.1 >= 17.0.0 lt 17.0.3 >= 1.0.0 lt 16.11.5 CVE-2024-5655 CVE-2024-4901 CVE-2024-4994 CVE-2024-6323 CVE-2024-2177 CVE-2024-5430 CVE-2024-4025 CVE-2024-3959 CVE-2024-4557 CVE-2024-1493 CVE-2024-1816 CVE-2024-2191 CVE-2024-3115 CVE-2024-4011 https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/

VuXML ID

Description

589de937-343f-11ef-8a7b-001b217b3468

Gitlab -- Vulnerabilities

Gitlab reports:

Run pipelines as any user

Stored XSS injected in imported project's commit notes

CSRF on GraphQL API IntrospectionQuery

Remove search results from public projects with unauthorized repos

Cross window forgery in user application OAuth flow

Project maintainers can bypass group's merge request approval policy

ReDoS via custom built markdown page

Private job artifacts can be accessed by any user

Security fixes for banzai pipeline

ReDoS in dependency linker

Denial of service using a crafted OpenAPI file

Merge request title disclosure

Access issues and epics without having an SSO session

Non project member can promote key results to objectives

Discovery 2024-06-26
Entry 2024-06-27
gitlab-ce
gitlab-ee

>= 17.1.0 lt 17.1.1

>= 17.0.0 lt 17.0.3

>= 1.0.0 lt 16.11.5

CVE-2024-5655
CVE-2024-4901
CVE-2024-4994
CVE-2024-6323
CVE-2024-2177
CVE-2024-5430
CVE-2024-4025
CVE-2024-3959
CVE-2024-4557
CVE-2024-1493
CVE-2024-1816
CVE-2024-2191
CVE-2024-3115
CVE-2024-4011
https://about.gitlab.com/releases/2024/06/26/patch-release-gitlab-17-1-1-released/