CVE-2015-5169: Cross-Site Scripting vulnerability on "Problem Report" screen

September 25, 2017 (updated November 23, 2018)

When Debug mode is turned on, under certain conditions an arbitrary script may be executed in the Problem Report screen. Also if JSP files are exposed to be accessed directly it’s possible to execute an arbitrary script.

References

struts.apache.org/docs/s2-025.html

Detect and mitigate CVE-2015-5169 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →