Home > Vulnerability Database > CVE-2023-5512

Mend.io Vulnerability Database

CVE-2023-5512

Date: December 15, 2023

An issue has been discovered in GitLab CE/EE affecting all versions from 16.3 before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. File integrity may be compromised when specific HTML encoding is used for file names leading for incorrect representation in the UI.

Language: Ruby

Severity Score

4.8

Related Resources (4)

Url: https://gitlab.com/gitlab-org/gitlab/-/issues/427827

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-5512

Url: https://hackerone.com/reports/2194607

Url: https://www.mend.io/vulnerability-database/CVE-2023-5512

Severity Score

4.8

Weakness Type (CWE)

Improper Control of Generation of Code ('Code Injection')

CWE-94

CVSS v3.1

Base Score:	4.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-5512

Date: December 15, 2023

Language: Ruby

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?