CVE-2017-1000109: Cross-site Scripting

October 5, 2017 (updated October 19, 2017)

The OWASP Dependency-Check Plugin is vulnerable to a persisted cross-site scripting vulnerability: Malicious users able to influence the input to this plugin could insert arbitrary HTML into this view.

References

Detect and mitigate CVE-2017-1000109 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →

Affected versions

All versions starting from 1.0.1 up to 1.0.1.1, all versions starting from 1.0.2 up to 1.0.4.1, version 1.0.5, all versions starting from 1.0.7 up to 1.0.8, all versions starting from 1.1.0 up to 1.1.1.2, all versions starting from 1.1.2 up to 1.1.4.1, all versions starting from 1.2.0 up to 1.2.3.2, all versions starting from 1.2.4 up to 1.2.7.1, all versions starting from 1.2.8 up to 1.2.11.1, all versions starting from 1.3.0 up to 1.3.1.2, all versions starting from 1.3.2 up to 1.3.6, all versions starting from 1.4.0 up to 1.4.5, all versions starting from 2.0.0 up to 2.0.1.1