GCVE - cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:community:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab:14.4.0:*:*:*:community:*:*:*

part: a version: 14.4.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab (`5414fcda-a172-5f72-b6e4-b415a19d21eb`)
Edition	*
Language	*
Software edition	community
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:gitlab/gitlab-org/gitlab`	purl2cpe	2026-06-01 10:14:46.277864

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2021-39914`	vulnerable	2026-06-03 14:45:09.851469	Details available LOW (3.1) A regular expression denial of service issue in GitLab versions 8.13 to 14.2.5, 14.3.0 to 14.3.3 and 14.4.0 could cause excessive usage of resources when a specially crafted username was used when provisioning a new user Published: 2021-11-04T22:39:17.000Z Updated: 2024-08-04T02:20:33.786Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/289948 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39914.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39908`	vulnerable	2026-06-03 14:45:09.849035	Details available MEDIUM (6.5) In all versions of GitLab CE/EE starting from 0.8.0 before 14.2.6, all versions starting from 14.3 before 14.3.4, and all versions starting from 14.4 before 14.4.1 certain Unicode characters can be abused to commit malicious code into projects without being noticed in merge request or source code viewer UI. Published: 2022-04-01T22:17:38.000Z Updated: 2024-08-04T02:20:33.693Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/337193 https://hackerone.com/reports/1280077 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39908.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39903`	vulnerable	2026-06-03 14:45:09.844327	Details available MEDIUM (6.5) In all versions of GitLab CE/EE since version 13.0, a privileged user, through an API call, can change the visibility level of a group or a project to a restricted option even after the instance administrator sets that visibility option as restricted in settings. Published: 2021-11-04T22:42:01.000Z Updated: 2024-08-04T02:20:33.686Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/300017 https://hackerone.com/reports/1086781 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39903.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39902`	vulnerable	2026-06-03 14:45:09.843868	Details available MEDIUM (4.3) Incorrect Authorization in GitLab CE/EE 13.4 or above allows a user with guest membership in a project to modify the severity of an incident. Published: 2021-11-04T22:40:34.000Z Updated: 2024-08-04T02:20:33.778Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/341479 https://hackerone.com/reports/1341674 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39902.json	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-39901`	vulnerable	2026-06-03 14:45:09.842717	Details available LOW (2.7) In all versions of GitLab CE/EE since version 11.10, an admin of a group can see the SCIM token of that group by visiting a specific endpoint. Published: 2021-11-04T23:09:28.000Z Updated: 2024-08-04T02:20:33.701Z Open on db.gcve.eu Reference links https://gitlab.com/gitlab-org/gitlab/-/issues/11640 https://hackerone.com/reports/565884 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39901.json	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.