PT-2021-22753 · Gitlab · Gitlab Ce/Ee

Saleem Rashid · Published 2021-11-04 · Updated 2024-03-06 · CVE-2021-39906

CVSS v3.1: 8.7 (High)

Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 13.5 and above

Description: The issue arises from improper validation of Jupyter notebook (ipynb) files, allowing an attacker to execute arbitrary JavaScript code in the victim's browser. This enables the attacker to perform actions on the victim's behalf, potentially leading to unauthorized access or data manipulation. No information is provided about the estimated number of potentially affected devices worldwide or about real-world incidents in which this issue was exploited.

Recommendations: For GitLab CE/EE versions 13.5 and above, update to a version that includes the fix for this issue. As a temporary workaround, consider restricting the upload and execution of ipynb files until a patch is available.

Fix

XSS

Weakness Enumeration

Related Identifiers

BIT-GITLAB-2021-39906
CVE-2021-39906

Affected Products

Gitlab
Gitlab Ce/Ee