CVE-2021-39946

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-39946
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39946.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-39946
Aliases
Downstream
Published
2022-01-18T17:15:08.777Z
Modified
2026-02-13T02:56:25.687757Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

Improper neutralization of user input in GitLab CE/EE versions 14.3 to 14.3.6, 14.4 to 14.4.4, and 14.5 to 14.5.2 allowed an attacker to exploit XSS by abusing the generation of the HTML code related to emojis

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
19c719febd74b6edf549bf6a2c0e36bf8f176d56
Fixed
a1175384df48e74899d664520601823016d81084
Introduced
490a8efda84a04e31ac41b882d95bb717c202437
Fixed
4511944420f00a68d5df2b3d81e5dae7fa2888f3
Introduced
dec73e99fddac59c0bf816dc4bffd2a30abae6de
Fixed
057790c613dea428aa523357c333ced5433794ee

Affected versions

v14.*
v14.3.0-ee
v14.3.1-ee
v14.3.2-ee
v14.3.3-ee
v14.3.4-ee
v14.3.5-ee
v14.4.0-ee
v14.4.1-ee
v14.4.2-ee
v14.4.3-ee
v14.5.0-ee
v14.5.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39946.json"