CVE-2017-5636: Injection Vulnerability
(updated )
The proxy chain serialization/deserialization
is vulnerable to an injection attack where a carefully crafted username could impersonate another user and gain their permissions on a replicated request to another node.
References
Detect and mitigate CVE-2017-5636 with GitLab Dependency Scanning
Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →