Medium severity5.9NVD Advisory· Published Dec 4, 2023· Updated Jun 17, 2026
CVE-2023-5332
CVE-2023-5332
Description
Patch in third party library Consul requires 'enable-script-checks' to be set to False. This was required to enable a patch by the vendor. Without this setting the patch could be bypassed. This only affects GitLab-EE.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
4- osv-coords2 versions
< 0.9.4+ 1 more
- (no CPE)range: < 0.9.4
- (no CPE)range: >= 9.5.0, < 16.2.8
Patches
Vulnerability mechanics
References
2- www.hashicorp.com/blog/protecting-consul-from-rce-risk-in-specific-configurationsnvdPatchVendor Advisory
- gitlab.com/gitlab-org/omnibus-gitlab/-/issues/8171nvdExploitIssue Tracking
News mentions
1- GitLab Security Release: 16.4.1, 16.3.5, and 16.2.8GitLab Security Releases · Sep 28, 2023