/
DirectorySecurity AdvisoriesPricing
Sign in
Security Advisories

CVE-2018-17452

Published

Last updated

NVD

https://nvd.nist.gov/vuln/detail/CVE-2018-17452

Severity

9.8

Critical

CVSS V3

Description

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. There is Server-Side Request Forgery (SSRF) via a loopback address to the validate_localhost function in url_blocker.rb.

References

  • https://images.chainguard.dev/security/CGA-7g66-9336-g2xh
  • https://github.com/advisories/GHSA-8xwc-6h6p-hh69
  • https://images.chainguard.dev/security/CGA-f49p-4w5p-397r
  • https://about.gitlab.com/blog/categories/releases/
  • https://about.gitlab.com/releases/2018/10/01/security-release-gitlab-11-dot-3-dot-1-released/

Affected packages

The trusted source for open source

Talk to an expert
© 2025 Chainguard. All Rights Reserved.
PrivacyTerms

Product

Chainguard ContainersChainguard LibrariesChainguard VMsIntegrationsPricing

Solutions

FedRAMPPCI DSSGolden ImagesCVE RemediationPublic Sector

Customers

Customer StoriesChainguard Reviews

Resources

Events & WebinarsChainguard CoursesDocumentationTrust Center

Company

About UsBlogPartnersNewsroomCareersLegal