
Stanlyoncmon

#28682 of 53,625
8.8 Total CVSS
Vulnerabilities · 2
Medium
2
PT-2023-12704
4.8
2023-01-17
Gitlab · Gitlab Runner · CVE-2022-2251
**Name of the Vulnerable Software and Affected Versions**

- GitLab Runner versions prior to 15.3.5
- GitLab Runner versions 15.4 prior to 15.4.4
- GitLab Runner versions 15.5 prior to 15.5.2

**Description**

The issue is caused by improper sanitization of branch names, allowing a user to create a branch with a specially crafted name. If another user triggers a pipeline, this can lead to the execution of commands in the runner as that other user.

**Recommendations**

- For versions prior to 15.3.5, update to version 15.3.5 or later.
- For versions 15.4 prior to 15.4.4, update to version 15.4.4 or later.
- For versions 15.5 prior to 15.5.2, update to version 15.5.2 or later.
PT-2021-6754
4.0
2021-08-25
Gitlab · Gitlab Ce/Ee · CVE-2021-22245
**Name of the Vulnerable Software and Affected Versions**

GitLab CE/EE versions prior to the fixed version

**Description**

The issue is related to improper validation of commit author in GitLab, allowing an attacker to make several pages in a project impossible to view. This can be exploited by a remote attacker to cause a denial of service.

**Recommendations**

For GitLab CE/EE versions prior to the fixed version, update to the latest version to resolve the issue. As a temporary workaround, consider restricting access to commit author validation functionality until a patch is available.