CVE-2017-5647: Information Exposure

April 17, 2017 (updated April 15, 2019)

When “send file” is used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

References

nvd.nist.gov/vuln/detail/CVE-2017-5647

Code Behaviors & Features

Detect and mitigate CVE-2017-5647 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →