GitLab Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in GitLab Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-8312
- GitLab CE/EE versions: 15.10 (inclusive) ~ 17.3.6 (exclusive)
- GitLab CE/EE versions: 17.4 (inclusive) ~ 17.4.3 (exclusive)
- GitLab CE/EE versions: 17.5 (inclusive) ~ 17.5.1 (exclusive)
Resolved Vulnerabilities
Vulnerability that allows attackers to conduct XSS attacks by injecting HTML into the global search field in the diff view (CVE-2024-8312)
Vulnerability Patches
Patches for the vulnerability are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.
CVE-2024-8312
- GitLab CE/EE version: 17.3.6
- GitLab CE/EE version: 17.4.3
- GitLab CE/EE version: 17.5.1
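The following is an added example, not part of the original advisory or GitLab's own tooling: a small Python check that tests a GitLab version string against the affected ranges listed above and reports the first patched version for the matching range. The function names and the sample version strings are assumptions made for illustration.

```python
import re

# Affected ranges for CVE-2024-8312 as listed in this advisory:
# (first affected version, inclusive; first patched version, exclusive).
AFFECTED_RANGES = [
    ((15, 10, 0), (17, 3, 6)),
    ((17, 4, 0), (17, 4, 3)),
    ((17, 5, 0), (17, 5, 1)),
]


def parse_version(text):
    """Parse 'MAJOR.MINOR[.PATCH]' with an optional suffix such as '-ee'."""
    m = re.match(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?\s*$", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    # A missing patch component is treated as 0, so '15.10' means 15.10.0.
    return tuple(int(part or 0) for part in m.groups())


def fixed_version_for(text):
    """Return the patched version ending the matching range, or None if not affected."""
    version = parse_version(text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        # Half-open interval: the lower bound is affected, the upper bound is fixed.
        if first_affected <= version < first_fixed:
            return ".".join(str(n) for n in first_fixed)
    return None


if __name__ == "__main__":
    # Constructed sample version strings, not taken from any real instance.
    samples = ["15.9.8", "15.10.0", "16.11.10-ee", "17.3.5", "17.3.6",
               "17.4.2-ee", "17.4.3", "17.5.0", "17.5.1"]
    for sample in samples:
        target = fixed_version_for(sample)
        status = f"affected, update to {target}" if target else "not affected"
        print(f"{sample:12} {status}")
```

Versions in the gaps between ranges (for example 17.3.6 itself, which is below 17.4 but already patched) are reported as not affected because each range is evaluated as a half-open interval.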
Referenced Sites
[1] GitLab Patch Release: 17.5.1, 17.4.3, 17.3.6
https://about.gitlab.com/releases/2024/10/23/patch-release-gitlab-17-5-1-released/