All vulnerabilities
CVE-2021-22205 Known ransomware use
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
GitLab — Community and Enterprise Editions
- Added to KEV catalog
- 3 November 2021
- Federal remediation due date
- 17 November 2021
- Weakness classification (CWE)
- CWE-20, CWE-95
CISA Description
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-22205
More GitLab Vulnerabilities
Confirm Your Exposure
Is this vulnerability present in your environment?
CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.
Explore VAPT Services