CVE-2019-3852: Permissions, Privileges, and Access Controls
The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities.
Detect and mitigate CVE-2019-3852 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities.