Source: gitlab
Version: 8.13.11+dfsg1-3
Severity: grave
Tags: upstream security
Forwarded: https://gitlab.com/gitlab-org/gitlab-ce/issues/27471
Hi,

the following vulnerability was published for gitlab. Please note I was not able to verify that it affects back to 8.13.11, and the merge request has restricted access. Can you confirm 8.13.11+dfsg1-3 is affected as well?

CVE-2017-8778[0]:
| GitLab before 8.14.9, 8.15.x before 8.15.6, and 8.16.x before 8.16.5
| has XSS via a SCRIPT element in an issue attachment or avatar that is
| an SVG document.

If you fix the vulnerability please also make sure to include the CVE (Common Vulnerabilities & Exposures) id in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-8778
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-8778

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
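As an added illustration of the class of bug the CVE describes (not code from GitLab or from the bug report): a small Python check that flags script-capable content in an uploaded SVG avatar or attachment, plus the response headers that stop such a file from rendering as an active document when served. All names, the sample SVGs and the header policy are constructed for this example.

```python
"""Flag active content in an uploaded SVG and pick safe headers for serving it.
Constructed example for the CVE-2017-8778 bug class; not GitLab's own code."""
import xml.etree.ElementTree as ET

# Constructs that let an SVG run script when opened directly in a browser.
ACTIVE_TAGS = {"script", "foreignobject"}
URL_ATTRS = {"href", "{http://www.w3.org/1999/xlink}href"}


def _local(name):
    """Strip an XML namespace: '{http://www.w3.org/2000/svg}script' -> 'script'."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_bytes):
    """Return (element, reason) findings for script-capable constructs.
    Caveat: xml.etree is not hardened against entity-expansion attacks;
    for real uploads parse with defusedxml or cap the input size first."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [("document", f"unparseable XML: {exc}")]
    for el in root.iter():  # includes the root element itself
        tag = _local(el.tag)
        if tag in ACTIVE_TAGS:
            findings.append((tag, "script-capable element"))
        for name, value in el.attrib.items():
            lname = _local(name)
            if lname.startswith("on"):  # onload, onclick, ...
                findings.append((tag, f"event handler attribute {lname}"))
            elif name in URL_ATTRS and value.strip().lower().startswith("javascript:"):
                findings.append((tag, "javascript: URL"))
    return findings


def upload_response_headers(content_type):
    """Headers for serving user uploads: force SVG to download instead of
    rendering inline, and disable MIME sniffing so a disguised SVG cannot
    be promoted to an executable page. (Constructed policy.)"""
    headers = {"X-Content-Type-Options": "nosniff",
               "Content-Security-Policy": "default-src 'none'; sandbox"}
    headers["Content-Disposition"] = (
        "attachment" if content_type == "image/svg+xml" else "inline")
    return headers


# Constructed samples: an avatar carrying a SCRIPT element and an onload handler.
MALICIOUS_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" onload="x()">
  <script>/* placeholder */</script><circle r="10"/></svg>"""
BENIGN_SVG = b'<svg xmlns="http://www.w3.org/2000/svg"><circle r="10"/></svg>'

if __name__ == "__main__":
    print(find_active_content(MALICIOUS_SVG))  # two findings
    print(find_active_content(BENIGN_SVG))     # []
```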