An issue was discovered in GitLab Community and Enterprise Edition before 11.4. It allows Directory Traversal.
https://about.gitlab.com/blog/categories/releases/
https://about.gitlab.com/2019/01/16/critical-security-release-gitlab-11-dot-6-dot-4-released/