Description

Due to a vulnerablility in ExifTool, GitLab was not properly validating image files which resulted in a remote command execution.

Remediation

Upgrade to the latest version of GitLab

References

CVE-2021-22205

RCE when removing metadata with ExifTool

Related Vulnerabilities

Apache Solr Log4Shell RCE

Oracle Weblogic T3 XXE (CVE-2019-2647)

Apache OFBiz SOAPService Deserialization RCE

Reverse proxy misrouting

Oracle E-Business Suite Deserialization RCE

Severity

High

Classification

CVE-2021-22205 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Acumonitor