@@ -127,9 +127,9 @@ class Email < ApplicationRecord
...
@@ -127,9 +127,9 @@ class Email < ApplicationRecord
DOMAIN_MATCH=Regexp.new('([a-zA-Z0-9]+)+\.com')
DOMAIN_MATCH=Regexp.new('([a-zA-Z0-9]+)+\.com')
validates:domain_matches
validates:domain_matches
private
private
defdomain_matches
defdomain_matches
errors.add(:email,'does not match')ifemail=~DOMAIN_MATCH
errors.add(:email,'does not match')ifemail=~DOMAIN_MATCH
end
end
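Review bot: the regex on the `DOMAIN_MATCH` line, `([a-zA-Z0-9]+)+\.com`, nests a `+` inside a `+`-quantified group and is unanchored, so a long run of alphanumerics that is not followed by `.com` (for example, fifty letters and a `!`) makes the engine backtrack exponentially; that is a textbook ReDoS pattern. If this snippet is meant to be the vulnerable "before" example, the text around the hunk should say so explicitly; if it is meant to be correct code, replace it with an anchored, non-nested pattern such as `\A[a-zA-Z0-9]+\.com\z`. Two smaller defects on the same lines, since the hunk touches them anyway: `validates :domain_matches` is not the Rails API for a custom validation method (`validates` expects at least one validator option and raises `ArgumentError` without one), so it should read `validate :domain_matches`; and `errors.add(:email, 'does not match') if email =~ DOMAIN_MATCH` adds the error "does not match" precisely when the email does match, so either the condition should be `unless` or the message is wrong.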
...
@@ -184,7 +184,7 @@ have been reported to GitLab include:
...
@@ -184,7 +184,7 @@ have been reported to GitLab include:
- Reading internal services, including cloud service metadata.
- Reading internal services, including cloud service metadata.
- The latter can be a serious problem, because an attacker can obtain keys that allow control of the victim's cloud infrastructure. (This is also a good reason
- The latter can be a serious problem, because an attacker can obtain keys that allow control of the victim's cloud infrastructure. (This is also a good reason
to give only necessary privileges to the token.). [More details](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/51490).
to give only necessary privileges to the token.). [More details](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/51490).
- When combined with CRLF vulnerability, remote code execution. [More details](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41293)
- When combined with CRLF vulnerability, remote code execution. [More details](https://gitlab.com/gitlab-org/gitlab-foss/-/issues/41293).
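Review bot: the only change in this hunk is the trailing period on the CRLF bullet, but the preceding bullet has a punctuation defect of the same kind that should be fixed in the same pass: `to give only necessary privileges to the token.).` ends with `.).`, so drop either the period inside the parentheses or the one after them. On the changed line itself, `When combined with CRLF vulnerability` is missing its article; `When combined with a CRLF injection vulnerability` reads correctly and names the bug class the linked issue is about. Finally, "The latter" on the metadata bullet refers back to "cloud service metadata" across a bullet boundary; restating it ("Reading cloud service metadata can be a serious problem, because ...") keeps the sentence readable when the list is rendered.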