Description

Due to a vulnerablility in ExifTool, GitLab was not properly validating image files which resulted in a remote command execution.

Remediation

Upgrade to the latest version of GitLab

References

CVE-2021-22205

RCE when removing metadata with ExifTool

Related Vulnerabilities

VMware vCenter Log4Shell RCE

WordPress Plugin Product Lister for Walmart Remote Code Execution (1.0.1)

WordPress Plugin Google Map Remote Code Execution (1.0)

Ivanti EPM SQLi RCE (CVE-2024-29824)

Moveable Type 4.x unauthenticated remote command execution

Severity

High

Classification

CVE-2021-22205 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Acumonitor Code Execution