GMS-2018-19: Stored XSS in filenames

February 17, 2018

crud-file-server allows embeding HTML in file names, which in certain conditions might lead to malicious JavaScript execution.

References

github.com/omphalos/crud-file-server/commit/4155bfe068bf211b49a0b3ffd06e78cbaf1b40fa
hackerone.com/reports/311101

Detect and mitigate GMS-2018-19 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →