XSS vulnerability in GitLab prior to 6.5.0 (blog.gitlab.org)
27 points by alsutton010203 on Jan 31, 2014 | 3 comments

namarkiv on Jan 31, 2014
Looks like this is the fix:
https://github.com/gitlabhq/gitlabhq/commit/d6c037de81096680...

Ysx on Jan 31, 2014
CVE and exploit at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-731...

emillon on Jan 31, 2014
That's quite surprising, it's a textbook XSS vulnerability. It seems to me that their markdown library should escape entities by default or they will have many other vulns.