Gitlab Community and Enterprise Editions version 10.1, 10.2, and 10.2.4 are vulnerable to a SQL injection in the MilestoneFinder component resulting in disclosure of all data in a GitLab instance's database.

Related CVEs

CVE-2017-0914

Key Information

GHSA ID

GHSA-fvhv-m54j-g33h

Published

May 13, 2022 1:38 AM

Last Modified

May 13, 2022 1:38 AM

CVSS Score

7.5 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: August 2, 2025 6:46 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.