CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-22205

Known Exploited (CISA KEV)CRITICAL
10.0
CVSS Severity Score
EPSS Score41.9750%
EPSS Percentile94.91th
Published2021年4月23日
Last Modified2025年10月24日

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Affected Platforms (CPE)

📦
Gitlab

Gitlab

>= 11.9.0 and < 13.8.8
📦
Gitlab

Gitlab

>= 11.9.0 and < 13.8.8
📦
Gitlab

Gitlab

>= 13.9.0 and < 13.9.6
📦
Gitlab

Gitlab

>= 13.9.0 and < 13.9.6
📦
Gitlab

Gitlab

>= 13.10.0 and < 13.10.3
📦
Gitlab

Gitlab

>= 13.10.0 and < 13.10.3

References & Advisories

🔗 http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
🔗 http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
🔗 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
🔗 https://gitlab.com/gitlab-org/gitlab/-/issues/327121
🔗 https://hackerone.com/reports/1154542
🔗 http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
🔗 http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
🔗 https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json

相關漏洞威脅

CVE-2020-541510.0

Concourse, versions prior to 6.3.1 and 6.4.1, in installations which use the GitLab auth connector, is vulnerable to identity spoo...

CVE-2018-1884310.0

The Kubernetes integration in GitLab Enterprise Edition 11.x before 11.2.8, 11.3.x before 11.3.9, and 11.4.x before 11.4.4 has SSR...

CVE-2019-917410.0

An issue was discovered in GitLab Community and Enterprise Edition before 11.6.10, 11.7.x before 11.7.6, and 11.8.x before 11.8.1....

CVE-2021-221929.9

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users t...