GMS-2022-6929: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml

November 21, 2022

Privilege escalation (PR) from user profile through the attachment selector

References

github.com/advisories/GHSA-9hqh-fmhg-vq2j
github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j

Detect and mitigate GMS-2022-6929 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →