CVE-2021-39947

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39947

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39947.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39947

Downstream

UBUNTU-CVE-2021-39947

Published

2022-06-06T17:15:09.893Z

Modified

2026-04-10T04:42:28.276989Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab-runner

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab-runner

Events

Introduced

Fixed

77516d85d2887b22a68502aaf10b9e6676f22c81

Introduced

4b9e985ab8986c344903898ef682a122718f9632

Fixed

50fc80a613809c2666fdf93b5f79e68b2292c92e

Introduced

f0a95a76c6db80232ae46716938e1b3c27950b3b

Fixed

e91107ddeb1c6012d15b2e79d1c25796b7b446ec

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "14.3.4"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.2"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        }
    ]
}

Affected versions

0.*

0.4.0

0.4.1

0.4.2

v0.*

v0.1.0

v0.1.1

v0.1.10

v0.1.11

v0.1.12

v0.1.13

v0.1.14

v0.1.15

v0.1.16

v0.1.17

v0.1.2

v0.1.3

v0.1.4

v0.1.5

v0.1.6

v0.1.7

v0.1.8

v0.1.9

v0.2.0

v0.3.0

v0.3.1

v0.3.2

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.7.0

v0.7.1

v0.7.2

v1.*

v1.0.0

v1.0.1

v1.0.2

v1.1.0

v1.10.0

v1.10.0-rc.1

v1.11.0

v1.2.0

v1.3.0

v1.4.0

v1.6.0

v1.6.0-rc.1

v1.6.0-rc.2

v1.7.0

v1.7.0-rc.1

v1.7.0-rc.2

v1.7.0-rc.3

v1.8.0

v1.8.0-rc.1

v1.9.0

v1.9.0-rc.1

v1.9.0-rc.2

v1.9.0-rc.3

v1.9.0-rc.4

v1.9.0-rc.5

v10.*

v10.0.0-rc.1

v10.1.0-rc.1

v10.2.0-rc.1

v10.3.0-rc.1

v10.4.0-rc1

v10.5.0-rc1

v10.6.0-rc1

v10.7.0-rc1

v10.8.0-rc1

v11.*

v11.0.0-rc1

v11.1.0-rc1

v11.10.0-rc1

v11.2.0-rc1

v11.3.0-rc1

v11.4.0-rc1

v11.5.0-rc1

v11.6.0-rc1

v11.7.0-rc1

v11.8.0-rc1

v11.9.0-rc1

v12.*

v12.0.0-rc1

v12.1.0-rc1

v12.10.0-rc1

v12.3.0-rc1

v12.4.0-rc1

v12.5.0-rc1

v12.6.0-rc1

v12.7.0-rc1

v12.8.0-rc1

v12.9.0-rc1

v13.*

v13.0.0-rc1

v13.1.0-rc1

v13.10.0-rc1

v13.11.0-rc1

v13.12.0-rc1

v13.2.0-rc1

v13.3.0-rc1

v13.4.0-rc1

v13.5.0-rc1

v13.6.0-rc1

v13.7.0-rc1

v13.8.0-rc1

v13.9.0-rc1

v14.*

v14.0.0-rc1

v14.1.0-rc1

v14.2.0-rc1

v14.3.0

v14.3.0-rc1

v14.3.1

v14.3.2

v14.3.3

v14.4.0

v14.4.1

v14.5.0

v14.5.1

v9.*

v9.0.0

v9.0.0-rc.1

v9.0.0-rc.2

v9.0.0-rc.3

v9.1.0

v9.1.0-rc.1

v9.1.0-rc.2

v9.1.0-rc.3

v9.2.0

v9.2.0-rc.1

v9.2.0-rc.2

v9.3.0

v9.3.0-rc.1

v9.3.0-rc.2

v9.4.0

v9.4.0-rc.1

v9.4.0-rc.2

v9.4.0-rc.3

v9.5.0

v9.5.0-rc.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39947.json"