CVE-2013-1939: Improper Input Validation

March 14, 2014 (updated December 6, 2018)

The HTMLBrowser plugin does not properly check path separators in the base path, which allows remote attackers to read arbitrary files via a backslash character.

References

groups.google.com/forum/?fromgroups=

Detect and mitigate CVE-2013-1939 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →