CVE-2021-22205βGitLab Community and Enterprise Editions Remote Code Execution Vulnerability
PUBLISHEDvulnerability record
2021-11-03 Β· last modified June 21, 2025
Metadata
Vulnerability Name
GitLab Community and Enterprise Editions Remote Code Execution Vulnerability
Description
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
Known To Be Used in Ransomware Campaigns?
Action
Apply updates per vendor instructions.