CVE-2021-22205GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

PUBLISHEDvulnerability record
2021-11-03 · last modified June 21, 2025

Metadata

CVE ID:
CVE-2021-22205
项目:
GitLab
产品:
Community and Enterprise Editions
添加日期:
2021-11-03
到期日:
2021-11-17
最后更新:
June 21, 2025

漏洞名称

GitLab Community and Enterprise Editions Remote Code Execution Vulnerability

描述

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

已知用于勒索软件活动吗?

勒索软件状态:
KNOWN

采集行动

Apply updates per vendor instructions.

其他说明

相关新闻文章

相关 CWE