GitLab 17.4.0 Community Edition
Approved changes feed: RSS · Atom
cpe:2.3:a:gitlab:gitlab:17.4.0:*:*:*:community:*:*:*
part: a version: 17.4.0 update: *
| Vendor | Gitlab (57573e99-56e6-5fad-895e-0ce7fffc5b90) |
|---|---|
| Product | Gitlab (5414fcda-a172-5f72-b6e4-b415a19d21eb) |
| Edition | * |
| Language | * |
| Software edition | community |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:gitlab/gitlab-org/gitlab |
purl2cpe | 2026-06-01 10:14:46.352232 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-8974 |
vulnerable | 2026-06-03 14:58:20.138185 |
Incorrect Provision of Specified Functionality in GitLab
LOW (2.6)
Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project."
Published: 2024-09-26T23:02:00.153Z
Updated: 2024-09-27T15:46:48.041Z Reference links |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2024-10383 |
vulnerable | 2026-06-03 14:54:05.467921 |
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab VSCode Fork
HIGH (8.7)
An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporarily affected versions 17.4, 17.5 and 17.6, where a XSS attack was possible when loading .ipynb files in the web IDE
Published: 2025-02-07T14:12:41.757Z
Updated: 2025-02-12T15:17:24.562Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.