CVE-2024-4994 – GitLab CSRF GraphQL Mutation Execution Vulnerability

June 20, 2025

CVE ID : CVE-2024-4994

Published : June 20, 2025, 7:15 p.m. | 3 hours, 29 minutes ago

Description : An issue has been discovered in GitLab CE/EE affecting all versions from 16.1.0 before 16.11.5, all versions starting from 17.0 before 17.0.3, all versions starting from 17.1.0 before 17.1.1 which allowed for a CSRF attack on GitLab’s GraphQL API leading to the execution of arbitrary GraphQL mutations.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2024-4025 – “GitLab Markdown DoS Vulnerability”

Next Article CVE-2025-6358 – Code-Projects Simple Pizza Ordering System SQL Injection Vulnerability

Automating Design Systems: Tips And Resources For Getting Started

OpenAI releases two open weight reasoning models

Accelerate tool adoption with a developer experimentation framework

UX Job Interview Helpers

Yes, you can edit video like a pro on Linux – here are my 4 go-to apps

I tried Perplexity’s new reservation feature, and it surprised me with new dining spots to try

Your Samsung TV is getting a huge feature upgrade – 3 AI tools launching right now

This multi-card reader is one of the best investments I’ve made for my creative workflow

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Fluent Object Operations with Laravel’s Enhanced Helper Utilities

Record and Replay Requests With Laravel ChronoTrace

How to Write Media Queries in Optimizely Configured Commerce (Spire)

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Battlefield 6 Developers Confirm AI Bots Will Auto-fill Servers If Player Count Drops

Canon imageFORMULA R40 Driver for Windows 11, 10 (Download)

Microsoft to End Support for Visual Studio 2015 This October

CVE-2024-4994 – GitLab CSRF GraphQL Mutation Execution Vulnerability

ESET Threat Report H1 2025: ClickFix, infostealer disruptions, and ransomware deathmatch

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

CVE-2025-23171 – Versa Networks Versa Director Insecure File Upload and UCPE Image Upload Vulnerability

Anti-Aliasing In CSS A Powerful Concept

Malicious PyPI Package Masquerades as Chimera Module to Steal AWS, CI/CD, and macOS Data

CVE-2025-5233 – WordPress Color Palette Stored Cross-Site Scripting Vulnerability

CVE-2025-46548 – Pekko Management Basic Authentication Misapplication

Ubisoft’s delay of Assassin’s Creed Shadows worked out so well, the company is pushing back some of its biggest hitters — potentially as far as March 2028

CVE-2025-20129 – Cisco Customer Collaboration Platform (CCP) HTTP Request Manipulation Vulnerability

User Onboarding

CVE-2024-4994 – GitLab CSRF GraphQL Mutation Execution Vulnerability

Related Posts