CVE-2018-19585


A vulnerability has been found in GitLab Community Edition and Enterprise Edition up to 11.3.10/11.4.7/11.5.0 (Bug Tracking Software) and classified as critical. Affected by this vulnerability is an unknown code block of the component Project Mirroring. Manipulation with an unknown input leads to a CRLF injection vulnerability. The CWE definition for the vulnerability is CWE-93: the software uses CRLF (carriage return, line feed) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs. The vulnerability is known to affect confidentiality, integrity, and availability.