GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature.
{ "binaries": [ { "binary_name": "gitlab", "binary_version": "8.5.8+dfsg-5" } ] }