SS-2015-027: Insufficient sanitization in "Add from URL"
“Add from URL” does not clearly sanitize the URL server-side in HtmlEditorField_Toolbar. The current logic passes the URL through to Oembed, which will probably reject most dangerous URLs, but it’s possible that future changes would break this.
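As an added illustration (not SilverStripe's code and not the fix shipped for this advisory), the sketch below validates the submitted URL on the server before it is handed to any embed fetcher, so safety no longer depends on the downstream consumer rejecting bad input. The function name `validate_remote_media_url` and the policy of allowing only absolute `http`/`https` URLs without embedded credentials are assumptions made for this example.

```php
<?php
// Hypothetical helper for illustration; not part of SilverStripe's API.
// Assumed policy: "Add from URL" only ever needs absolute http/https URLs.
function validate_remote_media_url(string $raw): ?string
{
    $url = trim($raw);

    // Reject empty input and any control or whitespace characters,
    // which have no place in a URL submitted through a form field.
    if ($url === '' || preg_match('/[\x00-\x20\x7f]/', $url)) {
        return null;
    }

    // Require both a scheme and a host: this rejects relative,
    // scheme-relative ("//host/path") and malformed values.
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'], $parts['host'])) {
        return null;
    }

    // Allow-list the scheme instead of trying to enumerate bad ones.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }

    // Embedded credentials are never needed for a public media URL.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return null;
    }

    return $url;
}

// Constructed sample inputs, for demonstration only.
$samples = [
    'https://example.com/watch?v=123',
    'javascript:alert(1)',
    '//example.com/video',
    'https://user:secret@example.com/clip',
    "https://example.com/a\r\nb",
];

foreach ($samples as $sample) {
    $verdict = validate_remote_media_url($sample) === null ? 'rejected' : 'accepted';
    printf("%-45s %s\n", json_encode($sample), $verdict);
}
```

Only the first sample is accepted; the caller would pass the returned string on to the embed lookup and treat `null` as a validation error.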