CVE-2023-2181

by Fred · 12/05/2023

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI.

Date published : 2023-05-12

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json

https://gitlab.com/gitlab-org/gitlab/-/issues/407859