Home

Description

Insufficient input validation within GitLab Language Server 7.6.0 and later before 7.30.0 allows arbitrary GraphQL query execution

PUBLISHED Reserved 2025-07-28 | Published 2025-07-28 | Updated 2025-07-28 | Assigner GitLab




HIGH: 8.7CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N

Problem types

CWE-306: Missing Authentication for Critical Function

Product status

Default status
unaffected

7.6.0 (semver) before 7.30.0
affected

Credits

This vulnerability has been discovered internally by GitLab team member Joern Schneeweisz. finder

References

gitlab.com/gitlab-org/gitlab/-/issues/538205 (GitLab Issue #538205) issue-tracking permissions-required

cve.org (CVE-2025-8279)

nvd.nist.gov (CVE-2025-8279)

Download JSON