GitLab Duo Vulnerability Let Attack Inject Malicious link & Steal Source Code

A critical remote prompt injection vulnerability was uncovered in GitLab Duo, the AI-powered coding assistant integrated into GitLab’s DevSecOps platform.  The vulnerability, disclosed in February 2025, allowed attackers to manipulate the AI assistant into leaking private source code and injecting untrusted HTML content into responses, potentially redirecting users to malicious websites.  GitLab has since patched […]

The post GitLab Duo Vulnerability Let Attack Inject Malicious link & Steal Source Code appeared first on Cyber Security News.