XSS vulnerability in GitLab prior to 6.5.0 (blog.gitlab.org)
27 points by alsutton010203 on Jan 31, 2014 | 3 comments

namarkiv on Jan 31, 2014
Looks like this is the fix:
https://github.com/gitlabhq/gitlabhq/commit/d6c037de81096680...

Ysx on Jan 31, 2014
CVE and exploit at
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-731...

emillon on Jan 31, 2014
That's quite surprising, it's a textbook XSS vulnerability. It seems to me that their markdown library should escape entities by default or they will have many other vulns.