{"id":"CVE-2021-39947","details":"In specific circumstances, trace file buffers in GitLab Runner versions up to 14.3.4, 14.4 to 14.4.2, and 14.5 to 14.5.2 would re-use the file descriptor 0 for multiple traces and mix the output of several jobs","modified":"2026-04-12T01:58:37.889476Z","published":"2022-06-06T17:15:09.893Z","references":[{"type":"REPORT","url":"https://gitlab.com/gitlab-org/gitlab-runner/-/issues/28732"},{"type":"FIX","url":"https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39947.json"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://gitlab.com/gitlab-org/gitlab-runner","events":[{"introduced":"0"},{"fixed":"77516d85d2887b22a68502aaf10b9e6676f22c81"},{"introduced":"4b9e985ab8986c344903898ef682a122718f9632"},{"fixed":"50fc80a613809c2666fdf93b5f79e68b2292c92e"},{"introduced":"f0a95a76c6db80232ae46716938e1b3c27950b3b"},{"fixed":"e91107ddeb1c6012d15b2e79d1c25796b7b446ec"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"fixed":"14.3.4"},{"introduced":"14.4.0"},{"fixed":"14.4.2"},{"introduced":"14.5.0"},{"fixed":"14.5.2"}],"cpe":"cpe:2.3:a:gitlab:gitlab_runner:*:*:*:*:*:*:*:*","source":"CPE_FIELD"}}],"versions":["0.4.0","0.4.1","0.4.2","v0.1.0","v0.1.1","v0.1.10","v0.1.11","v0.1.12","v0.1.13","v0.1.14","v0.1.15","v0.1.16","v0.1.17","v0.1.2","v0.1.3","v0.1.4","v0.1.5","v0.1.6","v0.1.7","v0.1.8","v0.1.9","v0.2.0","v0.3.0","v0.3.1","v0.3.2","v0.5.0","v0.5.1","v0.5.2","v0.6.0","v0.7.0","v0.7.1","v0.7.2","v1.0.0","v1.0.1","v1.0.2","v1.1.0","v1.10.0","v1.10.0-rc.1","v1.11.0","v1.2.0","v1.3.0","v1.4.0","v1.6.0","v1.6.0-rc.1","v1.6.0-rc.2","v1.7.0","v1.7.0-rc.1","v1.7.0-rc.2","v1.7.0-rc.3","v1.8.0","v1.8.0-rc.1","v1.9.0","v1.9.0-rc.1","v1.9.0-rc.2","v1.9.0-rc.3","v1.9.0-rc.4","v1.9.0-rc.5","v10.0.0-rc.1","v10.1.0-rc.1","v10.2.0-rc.1","v10.3.0-rc.1","v10.4.0-rc1","v10.5.0-rc1","v10.6.0-rc1","v10.7.0-rc1","v10.8.0-rc1","v11.0.0-rc1","v11.1.0-rc1","v11.10.0-rc1","v11.2.0-rc1","v11.3.0-rc1","v11.4.0-rc1","v11.5.0-rc1","v11.6.0-rc1","v11.7.0-rc1","v11.8.0-rc1","v11.9.0-rc1","v12.0.0-rc1","v12.1.0-rc1","v12.10.0-rc1","v12.3.0-rc1","v12.4.0-rc1","v12.5.0-rc1","v12.6.0-rc1","v12.7.0-rc1","v12.8.0-rc1","v12.9.0-rc1","v13.0.0-rc1","v13.1.0-rc1","v13.10.0-rc1","v13.11.0-rc1","v13.12.0-rc1","v13.2.0-rc1","v13.3.0-rc1","v13.4.0-rc1","v13.5.0-rc1","v13.6.0-rc1","v13.7.0-rc1","v13.8.0-rc1","v13.9.0-rc1","v14.0.0-rc1","v14.1.0-rc1","v14.2.0-rc1","v14.3.0","v14.3.0-rc1","v14.3.1","v14.3.2","v14.3.3","v14.4.0","v14.4.1","v14.5.0","v14.5.1","v9.0.0","v9.0.0-rc.1","v9.0.0-rc.2","v9.0.0-rc.3","v9.1.0","v9.1.0-rc.1","v9.1.0-rc.2","v9.1.0-rc.3","v9.2.0","v9.2.0-rc.1","v9.2.0-rc.2","v9.3.0","v9.3.0-rc.1","v9.3.0-rc.2","v9.4.0","v9.4.0-rc.1","v9.4.0-rc.2","v9.4.0-rc.3","v9.5.0","v9.5.0-rc.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39947.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}]}