CVE-2024-4901

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 16.9 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1

Description: The issue is related to a stored XSS vulnerability that can be imported from a project with malicious commit notes, potentially allowing an attacker to conduct cross-site scripting attacks. This could enable a remote attacker to perform intersite script attacks by exploiting the lack of protection measures for the web page structure.

Recommendations: For versions 16.9 through 16.11.5, update to version 16.11.5 or later. For versions 17.0 through 17.0.3, update to version 17.0.3 or later. For versions 17.1 through 17.1.1, update to version 17.1.1 or later.