Remote Prompt Injection in GitLab Duo Leads to Source Code Theft

Welcome • User Guide
ToS • Privacy • Canary
Donate • Bugs • License

©2025 Poal.co

870

•

Remote Prompt Injection in GitLab Duo Leads to Source Code Theft (www.legitsecurity.com)

From the post:

>TL;DR: A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses. GitLab patched the issue, and we’ll walk you through the full attack chain — which demonstrates five vulnerabilities from the 2025 OWASP Top 10 for LLMs.

Archive: https://archive.today/IJNUi From the post: >>TL;DR: A hidden comment was enough to make GitLab Duo leak private source code and inject untrusted HTML into its responses. GitLab patched the issue, and we’ll walk you through the full attack chain — which demonstrates five vulnerabilities from the 2025 OWASP Top 10 for LLMs.

[–] • 1 pt

Big cloud is dangerous.

link