XSS vulnerability in GitLab prior to 6.5.0 (blog.gitlab.org) 27 points by alsutton010203 12y ago ↗ HN
[–] namarkiv 12y ago ↗ Looks like this is the fix: https://github.com/gitlabhq/gitlabhq/commit/d6c037de81096680...
[–] emillon 12y ago ↗ That's quite surprising, it's a textbook XSS vulnerability. It seems to me that their markdown library should escape entities by default or they will have many other vulns.
3 comments
[ 2.7 ms ] story [ 15.8 ms ] thread