Skip to main content
All vulnerabilities
CVE-2021-22205 Known ransomware use

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

GitLabCommunity and Enterprise Editions

Added to KEV catalog
3 November 2021
Federal remediation due date
17 November 2021
Weakness classification (CWE)
CWE-20, CWE-95

CISA Description

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Required action

Apply updates per vendor instructions.

Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-22205

Confirm Your Exposure

Is this vulnerability present in your environment?

CRS delivers independent VAPT assessments that identify exactly which known-exploited vulnerabilities exist in your network, applications, and infrastructure.

Explore VAPT Services