CVE-2021-40694: Improper Encoding or Escaping of Output

September 29, 2022 (updated October 3, 2022)

Insufficient escaping of the LaTeX preamble made it possible for site administrators to read files available to the HTTP server system account.

References

bugzilla.redhat.com/show_bug.cgi?id=2043421
nvd.nist.gov/vuln/detail/CVE-2021-40694

Detect and mitigate CVE-2021-40694 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →