gitlab-shell-18.6

Direct Vulnerabilities

Known vulnerabilities in the gitlab-shell-18.6 package. This does not include vulnerabilities belonging to this package’s dependencies.

Fix vulnerabilities automatically

Snyk's AI Trust Platform automatically finds the best upgrade path and integrates with your development workflows. Secure your code at zero cost.

Fix for free

Vulnerability	Vulnerable Version
M Improper Neutralization	*
L Allocation of Resources Without Limits or Throttling	*
L Incorrect Authorization	*
L Authorization Bypass Through User-Controlled Key	*
L Authorization Bypass Through User-Controlled Key	*
H Cross-site Scripting (XSS)	*
L Out-of-Bounds	*
L Improper Certificate Validation	*
L CVE-2026-46598	*
L Improper Restriction of Rendered UI Layers or Frames	*
L CVE-2026-27145	*
L Missing Authorization	*
L Missing Authorization	*
L CVE-2026-46595	*
L CVE-2026-39824	*
L Improper Enforcement of Message Integrity During Transmission in a Communication Channel	*
L Improper Verification of Cryptographic Signature	*
L Integer Overflow or Wraparound	*
L Incorrect Type Conversion or Cast	*
L CVE-2026-42507	*
L Improper Restriction of Rendered UI Layers or Frames	*
L GO-2025-3408	*
L CVE-2026-39821	*
L Cross-site Scripting (XSS)	*
L Improper Restriction of Rendered UI Layers or Frames	*
L Deserialization of Untrusted Data	*
L CVE-2026-42504	*
L Improper Certificate Validation	*
L Improper Certificate Validation	*
L Resource Exhaustion	*
L Allocation of Resources Without Limits or Throttling	*
L Incorrect Authorization	*
L Use of Incorrectly-Resolved Name or Reference	*
L Allocation of Resources Without Limits or Throttling	*
L Missing Authorization	*
L Improper Encoding or Escaping of Output	*
H Loop with Unreachable Exit Condition ('Infinite Loop')	*
H NULL Pointer Dereference	*
M Link Following	*
L Cross-site Scripting (XSS)	*
L CVE-2026-42499	*
L CVE-2026-39825	*
H Double Free	*
L CVE-2026-42501	*
H Allocation of Resources Without Limits or Throttling	*
M Out-of-bounds Write	*
L Allocation of Resources Without Limits or Throttling	*
L GHSA-j88v-2chj-qfwx	*
H Access of Resource Using Incompatible Type ('Type Confusion')	*
C CVE-2026-27143	*
L CVE-2026-33816	*
L CVE-2026-32280	*
M Allocation of Resources Without Limits or Throttling	*
H Allocation of Resources Without Limits or Throttling	*
M Link Following	*
H Improper Certificate Validation	*
H Incorrect Authorization	*
M Cross-site Scripting (XSS)	*
H Untrusted Search Path	*
L GHSA-xmrv-pmrh-hhx2	*
L Uncaught Exception	*
H Resource Exhaustion	*
L Resource Exhaustion	*
H Permissive Regular Expression	*
M Improper Handling of Length Parameter Inconsistency	*
L Permissive Regular Expression	*
L Incorrect Behavior Order: Validate Before Canonicalize	*
L Partial Comparison	*
M Interpretation Conflict	*
H Resource Exhaustion	*
H Improper Handling of Parameters	*
C Use of Externally-Controlled Format String	*
L Improper Authorization	*
L Direct Request ('Forced Browsing')	*
L Cross-site Scripting (XSS)	*
L Directory Traversal	*
L Untrusted Search Path	*
L Directory Traversal	*
L Cross-site Scripting (XSS)	*
L Server-Side Request Forgery (SSRF)	*
M Cross-site Scripting (XSS)	<18.6.6-r0
M Cross-site Scripting (XSS)	<18.6.6-r0
H Allocation of Resources Without Limits or Throttling	<18.6.6-r0
L CVE-2025-61732	<18.6.5-r1
C CVE-2025-68121	<18.6.5-r1
L Allocation of Resources Without Limits or Throttling	<18.6.4-r0
L CVE-2025-61731	<18.6.4-r0
L Out-of-bounds Write	<18.6.4-r0
L CVE-2025-61730	<18.6.4-r0
L Allocation of Resources Without Limits or Throttling	<18.6.4-r0
L Loop with Unreachable Exit Condition ('Infinite Loop')	<18.6.4-r0
L Incorrect Authorization	<18.6.4-r0
L Allocation of Resources Without Limits or Throttling	<18.6.4-r0
H Allocation of Resources Without Limits or Throttling	<18.6.4-r0
L Unchecked Return Value	<18.6.4-r0
L Improper Certificate Validation	<18.6.1-r1
L Improper Certificate Validation	<18.6.1-r1
L CVE-2024-21510	*

Vulnerability

Vulnerable Version

Improper Neutralization