CVE-2024-27921: File Upload Path Traversal
A file upload path traversal vulnerability has been identified in the application, enabling attackers to replace or create files with extensions like .json, .zip, .css, .gif, etc. This security flaw poses severe risks, that can allow attackers to inject arbitrary code on the server, undermine integrity of backup files by overwriting existing files or creating new ones, and exfiltrate sensitive data using CSS exfiltration techniques.
References
Detect and mitigate CVE-2024-27921 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →