CVE-2021-22205β€”GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2021-11-03 Β· last modified June 21, 2025

Metadata

CVE ID:
CVE-2021-22205
Project:
GitLab
Product:
Community and Enterprise Editions
Date Added:
2021-11-03
Due Date:
2021-11-17
Last Updated:
June 21, 2025

Vulnerability Name

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

Description

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Known To Be Used in Ransomware Campaigns?

Ransomware Status:
KNOWN

Action

Apply updates per vendor instructions.

Additional Notes

Related News Articles

Related Weaknesses