The version of PDF.js embedded in Gitlab is 1.8.172, which is vulnerable to CVE-2018-5158. Per the summary, attacker-supplied JavaScript will be executed in a web worker context.
The version of PDF.js embedded in Gitlab is 1.8.172, which is vulnerable to CVE-2018-5158. Per the summary, attacker-supplied JavaScript will be executed in a web worker context.