CVE-2017-11675: Code Injection

July 27, 2017 (updated August 4, 2017)

The traverseStrictSanitize function in admin_dir/includes/classes/AdminRequestSanitizer mishandles key strings, which allows remote authenticated users to execute arbitrary PHP code.

References

nvd.nist.gov/vuln/detail/CVE-2017-11675

Detect and mitigate CVE-2017-11675 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →