CVE-2021-39906
published 2021-11-05

CVE-2021-39906: Improper validation of ipynb files in GitLab CE/EE version 13.5 and above allows an attacker to execute arbitrary JavaScript code on the victim's behalf.

Priority: P3 49 (medium)
CVSS 3.1: 6.1 (medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS: 60.73% (99.0th percentile)

Affected

9 ranges

Vendor   Product     Version range                      Fixed in
debian   gitlab      < gitlab 15.10.8+ds1-2 (sid)       gitlab 15.10.8+ds1-2 (sid)
gitlab   gitlab      (not given)                        (not given)
gitlab   gitlab      (not given)                        (not given)
gitlab   gitlab      (not given)                        (not given)
gitlab   gitlab      (not given)                        (not given)
gitlab   gitlab      >= 13.5.0 < 14.2.6                 14.2.6
gitlab   gitlab      >= 14.3.0 < 14.3.4                 14.3.4
gitlab   gitlab      >= 14.4.0 < 14.4.1                 14.4.1
gitlab   gitlab_ce   (not given)                        (not given)

Detection & IOCs (extracted from sources)

  • Focus detection on improper validation of .ipynb (Jupyter Notebook) files rendered by GitLab CE/EE; a crafted notebook yields stored XSS, i.e. arbitrary JavaScript running in the browser of whoever views it.
  • Monitor GitLab instances for pushes or uploads of .ipynb files carrying active HTML (script tags, inline event handlers, javascript: URLs) in markdown cells, in text/html or SVG cell outputs, or in metadata fields, especially in projects other users can browse.
  • Affected releases are GitLab CE/EE 13.5 and above. Upstream fixed releases are 14.2.6, 14.3.4 and 14.4.1; Debian sid carries the fix in gitlab 15.10.8+ds1-2. Ensure every instance runs a fixed release.
  • The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:C) describes a network-reachable issue that needs no privileges on the victim's side but does require user interaction: the attacker plants or shares a crafted .ipynb, and the payload fires when a victim opens the rendered notebook. Scope is "changed", since the JavaScript executes in the victim's browser context rather than in the GitLab component that failed to validate the file.
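As an added example, the following scanner implements the detection bullet above: it parses a notebook as nbformat-4 JSON and flags the places a renderer may turn into live HTML (markdown cell sources, text/html, SVG, markdown and JavaScript cell outputs, and string values in notebook or cell metadata). This is not GitLab's code and the advisory does not say which field GitLab failed to sanitize, so every candidate field is checked; the sample notebook is constructed for the example and the regexes are heuristics, not a full HTML parser.

```python
"""Scan Jupyter .ipynb files for active HTML content.

Added example for triaging CVE-2021-39906; not GitLab's code. The
advisory does not name the unsanitized field, so markdown sources,
renderable outputs and metadata strings are all scanned.
"""
import json
import re

# Heuristic markers for active HTML. " on<letters>=" catches inline
# handlers such as onerror= / onload=; it can false-positive on prose
# like "onion=", which is acceptable for a triage scanner.
ACTIVE_HTML = re.compile(r"<\s*script\b|\son[a-z]+\s*=", re.IGNORECASE)
JS_URL = re.compile(r"(?:href|src|xlink:href)\s*=\s*['\"]?\s*javascript:",
                    re.IGNORECASE)

# Output MIME types a notebook renderer may insert as raw markup.
RISKY_MIME = ("text/html", "image/svg+xml", "text/markdown",
              "application/javascript")


def _as_text(value):
    """nbformat stores text either as one string or as a list of lines."""
    if isinstance(value, list):
        return "".join(str(v) for v in value)
    return value if isinstance(value, str) else json.dumps(value)


def _walk_strings(obj, path):
    """Yield (json_path, string) for every string nested inside obj."""
    if isinstance(obj, dict):
        for k, v in obj.items():
            yield from _walk_strings(v, f"{path}.{k}")
    elif isinstance(obj, list):
        for i, v in enumerate(obj):
            yield from _walk_strings(v, f"{path}[{i}]")
    elif isinstance(obj, str):
        yield path, obj


def scan_notebook(raw):
    """Return a list of (location, reason) findings for a notebook JSON string."""
    nb = json.loads(raw)
    findings = []

    def check(location, text):
        if ACTIVE_HTML.search(text):
            findings.append((location, "script tag or inline event handler"))
        elif JS_URL.search(text):
            findings.append((location, "javascript: URL"))

    for i, cell in enumerate(nb.get("cells", [])):
        # Markdown sources are rendered to HTML, so raw HTML in them is live.
        if cell.get("cell_type") == "markdown":
            check(f"cells[{i}].source", _as_text(cell.get("source", "")))
        for j, out in enumerate(cell.get("outputs", [])):
            for mime, payload in out.get("data", {}).items():
                if mime in RISKY_MIME:
                    check(f"cells[{i}].outputs[{j}].data[{mime}]",
                          _as_text(payload))
        for path, text in _walk_strings(cell.get("metadata", {}),
                                        f"cells[{i}].metadata"):
            check(path, text)
    # Notebook-level metadata is free-form JSON; scan every string in it.
    for path, text in _walk_strings(nb.get("metadata", {}), "metadata"):
        check(path, text)
    return findings


# Constructed sample (not a real exploit): one benign markdown cell, one
# code cell with an HTML output carrying an event handler, and one
# markdown cell with a javascript: link.
SAMPLE = json.dumps({
    "nbformat": 4, "nbformat_minor": 5,
    "metadata": {"kernelspec": {"name": "python3", "display_name": "Python 3"}},
    "cells": [
        {"cell_type": "markdown", "metadata": {},
         "source": ["# Analysis\n", "plain text only"]},
        {"cell_type": "code", "metadata": {}, "source": ["display(HTML(...))"],
         "outputs": [{"output_type": "display_data",
                      "data": {"text/html":
                               ["<img src=x onerror=\"alert(document.domain)\">"]}}]},
        {"cell_type": "markdown", "metadata": {},
         "source": ["[link](#)<a href=\"javascript:alert(1)\">x</a>"]},
    ],
})

if __name__ == "__main__":
    for loc, why in scan_notebook(SAMPLE):
        print(f"{loc}: {why}")
```

Run it over every .ipynb in a push (for example from a pre-receive hook or a CI job) and treat any finding as a review trigger rather than an automatic block; notebooks legitimately embed HTML widgets, so the value of the scan is in surfacing exactly which cell or metadata key carries the markup.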

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.1      6.1     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
nvd             v2.0      4.3     MEDIUM     AV:N/AC:M/Au:N/C:N/I:P/A:N
osv                       6.1     MEDIUM
vendor_debian             8.7     HIGH