CVE-2017-11503: XSS vulnerability in code example
The code_generator.phps example does not filter or escape user input before echoing it back into the generated page, so a crafted form value is reflected into the HTML unmodified (reflected XSS). The file is distributed with a .phps extension, which web servers normally serve as highlighted source rather than execute, so it cannot be reached as a script unless someone explicitly renames it to .php; it is therefore safe by default. There is also an undisclosed potential XSS vulnerability in the default exception handler, which is unused by default.
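The following is an added illustration of the bug class described above and is not code from code_generator.phps or from the project that ships it. It reflects a hypothetical `from_email` form field into an HTML attribute, first unescaped (the pattern the advisory describes) and then encoded for the attribute context; the payload is constructed for the example.

```php
<?php
// Added example, not the project's own code. The field name "from_email"
// and the request array are hypothetical stand-ins for the form handling
// in a code-generator style page.
declare(strict_types=1);

// Vulnerable: the raw request value is concatenated straight into an HTML
// attribute. A value beginning with  "><  closes the attribute and the tag,
// so the rest of the payload is parsed as markup.
function renderFieldVulnerable(array $request): string
{
    $from = (string) ($request['from_email'] ?? '');
    return '<input name="from_email" value="' . $from . '">';
}

// Hardened: encode for the HTML attribute context. ENT_QUOTES covers both
// quote characters, ENT_SUBSTITUTE replaces invalid UTF-8 instead of
// returning an empty string, and the explicit charset avoids mismatches
// between the server's default and the page encoding.
function escapeHtml(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE | ENT_HTML5, 'UTF-8');
}

function renderFieldSafe(array $request): string
{
    $from = (string) ($request['from_email'] ?? '');
    return '<input name="from_email" value="' . escapeHtml($from) . '">';
}

// Constructed probe: breaks out of the value="..." attribute when unescaped.
$payload = ['from_email' => '"><script>alert(1)</script>'];

echo renderFieldVulnerable($payload), PHP_EOL;
echo renderFieldSafe($payload), PHP_EOL;
```

Running the script shows the first line emitting the script element as live markup and the second line emitting it as inert text. Because the real file is only dangerous once it is executable, the practical check on a deployment is to confirm that no copy of the example has been renamed to a .php extension under the web root, and that the web server is not configured to run .phps files as PHP.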