8Ayac

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions 11.1.0 through 11.1.7 GitLab Community and Enterprise Edition versions 11.2.0 through 11.2.4 GitLab Community and Enterprise Edition versions 11.3.0 through 11.3.1 **Description** The issue is related to stored XSS on the issue details screen. **Recommendations** For versions 11.1.0 through 11.1.7, update to version 11.1.7 or later. For versions 11.2.0 through 11.2.4, update to version 11.2.4 or later. For versions 11.3.0 through 11.3.1, update to version 11.3.1 or later.

Name of the Vulnerable Software and Affected Versions: GitLab Enterprise Edition versions 8.3 through 12.0.2 Description: An issue was discovered in the color codes decoder, which was vulnerable to a resource depletion attack if specific formats were used, allowing Uncontrolled Resource Consumption. The issue also involves Incorrect Access Control. Recommendations: For GitLab Enterprise Edition versions 8.3 through 12.0.2, consider disabling the color codes decoder as a temporary workaround until a patch is available. Restrict access to the color codes decoder module to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions prior to 11.5.8 GitLab Community and Enterprise Edition versions 11.6.x prior to 11.6.6 GitLab Community and Enterprise Edition versions 11.7.x prior to 11.7.1 **Description** The issue allows for Denial of Service. Inputting an overly long string into a Markdown field could cause a denial of service. **Recommendations** For versions prior to 11.5.8, update to version 11.5.8 or later. For versions 11.6.x prior to 11.6.6, update to version 11.6.6 or later. For versions 11.7.x prior to 11.7.1, update to version 11.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab Community and Enterprise Edition versions prior to 11.2.7 GitLab Community and Enterprise Edition versions 11.3.x prior to 11.3.8 GitLab Community and Enterprise Edition versions 11.4.x prior to 11.4.3 **Description** The issue is related to Information Exposure Through Browser Caching. **Recommendations** For versions prior to 11.2.7, update to version 11.2.7 or later. For versions 11.3.x prior to 11.3.8, update to version 11.3.8 or later. For versions 11.4.x prior to 11.4.3, update to version 11.4.3 or later.