Description

Due to a vulnerablility in ExifTool, GitLab was not properly validating image files which resulted in a remote command execution.

Remediation

Upgrade to the latest version of GitLab

References

CVE-2021-22205

RCE when removing metadata with ExifTool

Related Vulnerabilities

Oracle E-Business Suite SSRF (CVE-2017-10246)

Apache Solr Deserialization of untrusted data via jmx.serviceUrl

Apache OFBiz SOAPService Deserialization RCE

Liferay XMLRPC Blind SSRF

Remote file inclusion XSS

Severity

High

Classification

CVE-2021-22205 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Acumonitor