Arbitrary JavaScript Code Execution in GitLab CE/EE version 13.5 and above via ipynb File Validation

CVE-2021-39906 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.
