CVE-2018-17452

Published: 2023-04-15T23:15Z

Last Modified: 2025-02-06T21:15Z

Source: MITRE CVE List

License: MITRE-CVE-TOS

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb. > MITRE Terms of Use apply – see LICENSE‑MITRE.txt