{"id":"CVE-2020-13356","details":"An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.8.9. A specially crafted request could bypass Multipart protection and read files in certain specific paths on the server. Affected versions are: \u003e=8.8.9, \u003c13.3.9,\u003e=13.4, \u003c13.4.5,\u003e=13.5, \u003c13.5.2.","aliases":["BIT-gitlab-2020-13356"],"modified":"2026-03-14T11:18:56.683452Z","published":"2020-11-19T00:15:12.120Z","references":[{"type":"ADVISORY","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13356.json"},{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab/-/issues/230878"},{"type":"REPORT","url":"https://hackerone.com/reports/927953"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab","events":[{"introduced":"068e83ae1d0e363b5ff28a06d9df59cb3d5df3f7"},{"fixed":"e5a4c9dc9077d8e96e74118cd00dfa452bd4522b"},{"introduced":"068e83ae1d0e363b5ff28a06d9df59cb3d5df3f7"},{"fixed":"e5a4c9dc9077d8e96e74118cd00dfa452bd4522b"},{"introduced":"2f8ec2ebf58d8d4885127b9715b143e6756f2df1"},{"fixed":"6f3f825a6bcc61399d54fcbebfcbed572cf792d8"},{"introduced":"2f8ec2ebf58d8d4885127b9715b143e6756f2df1"},{"fixed":"6f3f825a6bcc61399d54fcbebfcbed572cf792d8"}],"database_specific":{"versions":[{"introduced":"8.8.9"},{"fixed":"13.3.9"},{"introduced":"8.8.9"},{"fixed":"13.3.9"},{"introduced":"13.5.0"},{"fixed":"13.5.2"},{"introduced":"13.5.0"},{"fixed":"13.5.2"}]}}],"versions":["v13.5.0-ee","v13.5.1-ee"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-13356.json","unresolved_ranges":[{"events":[{"introduced":"13.4.0"},{"fixed":"13.4.5"}]},{"events":[{"introduced":"13.4.0"},{"fixed":"13.4.5"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N"}]}