Your submission was sent successfully! Close

CVE-2019-5464

Published: 28 January 2020

A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.

Priority

Medium

CVSS 3 base score: 9.8

Status

Package Release Status
gitlab
Launchpad, Ubuntu, Debian
bionic Does not exist

disco Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)