CVE-2024-4207

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-4207
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4207.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4207
Aliases
Downstream
Published
2024-08-08T10:31:12.873Z
Modified
2026-04-10T05:16:00.967108Z
Severity
  • 4.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator
Summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
Details

A cross-site scripting issue has been discovered in GitLab affecting all versions starting from 5.1 prior 17.0.6, starting from 17.1 prior to 17.1.4, and starting from 17.2 prior to 17.2.2. When viewing an XML file in a repository in raw mode, it can be made to render as HTML if viewed under specific circumstances.

Database specific 
{
    "cwe_ids": [
        "CWE-79"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/4xxx/CVE-2024-4207.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
cbcfe12f58b815db9b9263b36f1576ae389b7276
Fixed
0769166123e68c6e8fcf99c499c399b8812e9a82
Database specific 
{
    "versions": [
        {
            "introduced": "5.1"
        },
        {
            "fixed": "17.0.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
b7514f9c21c09a9ed2b258f5cfdd56c88f43864a
Fixed
c11684311cb582565711ac4c83ba4764aa73c8f7
Database specific 
{
    "versions": [
        {
            "introduced": "17.1"
        },
        {
            "fixed": "17.1.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
f1ebbe522423b514610449d0f6dc7a262f855314
Fixed
49db6c4d6ac633e3d64f9c72a89c1af9f7c5d575
Database specific 
{
    "versions": [
        {
            "introduced": "17.2"
        },
        {
            "fixed": "17.2.2"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v17.*
v17.0.0-ee
v17.0.0-rc42-ee
v17.0.1-rc42-ee
v17.1.0-ee
v17.2.0-ee
v5.*
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4207.json"