What the vulnerability does
01Description
A flawed DNS rebinding protection issue was discovered in GitLab CE/EE 10.2 and later in the `url_blocker.rb` which could result in SSRF where the library is utilized.
CVSS base score
—
Key dates
02Disclosure timeline
January 28, 2020
CVE published
August 4, 2024
Record updated
External resources
03References
Related vulnerabilities
04Related CVE
CVE-2021-43548 Philips Patient Information Center iX (PIC iX) and Efficia CM Series Improper Input Validation
CVE-2026-23841 Movary vulnerable to Cross-site Scripting with `?categoryCreated=` param
CVE-2021-37863
CVE-2026-25631 Domain allowlist bypass enables credential exfiltration
CVE-2021-37674 Incomplete validation in `MaxPoolGrad` in TensorFlow
