News

Researchers from security firm Legit on Thursday demonstrated an attack that induced Duo into inserting malicious code into a script it had been instructed to write. The attack could also leak private ...
GitLab’s coding assistant Duo can parse malicious AI prompts hidden in comments, source code, merge request descriptions ... encode it and send it back out to a server under their control ...
According to Legit Security’s blog post, attackers were able to plant hidden prompts within various parts of GitLab projects, including merge request ... be set up to send HTTP requests to ...
A new vulnerability in GitLab’s Ultimate Enterprise Edition used for managing source code is “dangerous” and needs to be ...
On top of that, by taking advantage of GitLab Duo Chat's ability to access information about specific merge requests and the code changes inside of them, Legit Security found that it's possible to ...
or merge-request descriptions, attackers could deceive Duo into executing unintended commands. This vulnerability stems from Duo’s design, which involves analyzing many elements of a GitLab ...