CVE-2017-0923
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2017-0923
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
Gitlab Community Edition version 9.1 is vulnerable to lack of input validation in the IPython notebooks component resulting in persistent cross site scripting.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
在Web页面生成时对输入的转义处理不恰当(跨站脚本)
Source: NVD (National Vulnerability Database)
Vulnerability Title
GitLab Community Edition IPython notebooks组件跨站脚本漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
GitLab是一套利用Ruby on Rails开发的开源应用程序,可实现一个自托管的Git(版本控制系统)项目仓库,它拥有与Github类似的功能,可查阅项目的文件内容、提交历史、Bug列表等。GitLab Community Edition (CE)是它的社区版。IPython notebooks component是其中的一个基于Pyhton的编辑器组件。 Gitlab CE 9.1版本中的IPython notebooks组件存在跨站脚本漏洞,该漏洞源于程序缺少输入验证。远程攻击者可利用该漏洞执行
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| GitLab | GitLab Community and Enterprise Editions | 9.1.0 - 10.1.5 Fixed in 10.1.6 | - |
II. Public POCs for CVE-2017-0923
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2017-0923
Please Login to view more intelligence information
- https://about.gitlab.com/2018/01/16/gitlab-10-dot-3-dot-4-released/x_refsource_CONFIRM
- https://hackerone.com/reports/293740x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2017-0923
Same Patch Batch · GitLab · 2018-03-21 · 12 CVEs total
| CVE-2017-0914 | GitLab Community Edition和Enterprise Edition MilestoneFinder组件SQL注入漏洞 | |
| CVE-2017-0915 | GitLab Community Edition 安全漏洞 | |
| CVE-2017-0916 | GitLab Community Edition 安全漏洞 | |
| CVE-2017-0917 | GitLab Community Edition CI job组件跨站脚本漏洞 | |
| CVE-2017-0918 | GitLab Community Edition GitLab CI runner组件路径遍历漏洞 | |
| CVE-2017-0922 | Gitlab Enterprise Edition GitLab Projects::BoardsController组件安全漏洞 | |
| CVE-2017-0924 | GitLab Community Edition labels组件跨站脚本漏洞 | |
| CVE-2017-0925 | Gitlab Enterprise Edition 安全漏洞 | |
| CVE-2017-0926 | GitLab Community Edition Oauth sign-in组件安全漏洞 | |
| CVE-2017-0927 | GitLab Community Edition deployment keys组件安全漏洞 | |
| CVE-2018-3710 | GitLab Community Edition和Enterprise Edition project import组件安全漏洞 |
IV. Related Vulnerabilities
Same product: GitLab Community and Enterprise Editions
Same vendor: GitLab
- CVE-2026-3254
Improper Restriction of Rendered UI Layers or Frames in GitL - CVE-2026-4922
Cross-Site Request Forgery (CSRF) in GitLab - CVE-2025-0186
Allocation of Resources Without Limits or Throttling in GitL - CVE-2025-3922
Allocation of Resources Without Limits or Throttling in GitL - CVE-2025-6016
Allocation of Resources Without Limits or Throttling in GitL
Same weakness: CWE-79
- CVE-2026-42455
LinkWarden: Stored XSS via Client-Side Archive Upload (Unsan - CVE-2026-42451
Grimmory: Stored XSS via Malicious EPUB Enables Session Toke - CVE-2026-42556
Postiz stored XSS in public preview page - CVE-2026-42224
ipl/web is vulnerable to reflected XSS by malformed search r - CVE-2026-42192
Plunk: Stored XSS in campaign view
V. Comments for CVE-2017-0923
No comments yet