Status
Impact
This vulnerability relates to the GitLab dependency: [gem] sinatra @ 2.2.4, which was fixed upstream on version 4.1.0. However, GitLab advises that maintainers should NOT upgrade dependency versions manually, as their automation would have already applied this in cases of simple version increments. If a dependency version has not yet been upgraded, there is usually a good reason. Additionally, past attempts to upgrade GitLab dependencies ahead of the upstream release have resulted in build issues. deferring to upstream (GitLab) to address this CVE in a subsequent update. See: https://docs.gitlab.com/ee/development/dependencies.html.
Status
Status
Fixed version
18.2.1-r0Status