CVE-2021-39935

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-39935
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39935.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39935
Aliases
Downstream
Published
2021-12-13T16:15:09.367Z
Modified
2026-04-10T04:37:36.601360Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.5 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Unauthorized external users could perform Server Side Requests via the CI Lint API

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
fa49afab45259cd56ea7d1505d3ec7757770cfa9
Fixed
057790c613dea428aa523357c333ced5433794ee
Introduced
fa49afab45259cd56ea7d1505d3ec7757770cfa9
Fixed
057790c613dea428aa523357c333ced5433794ee
Introduced
19c719febd74b6edf549bf6a2c0e36bf8f176d56
Fixed
a1175384df48e74899d664520601823016d81084
Introduced
19c719febd74b6edf549bf6a2c0e36bf8f176d56
Fixed
a1175384df48e74899d664520601823016d81084
Introduced
490a8efda84a04e31ac41b882d95bb717c202437
Fixed
4511944420f00a68d5df2b3d81e5dae7fa2888f3
Introduced
490a8efda84a04e31ac41b882d95bb717c202437
Fixed
4511944420f00a68d5df2b3d81e5dae7fa2888f3
Database specific 
{
    "versions": [
        {
            "introduced": "10.5.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "10.5.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        }
    ]
}

Affected versions

v14.*
v14.4.0-ee
v14.4.2-ee
v14.4.3-ee
v14.5.0-ee
v14.5.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39935.json"