Description

Due to a vulnerablility in ExifTool, GitLab was not properly validating image files which resulted in a remote command execution.

Remediation

Upgrade to the latest version of GitLab

References

CVE-2021-22205

RCE when removing metadata with ExifTool

Related Vulnerabilities

Deserialization of Untrusted Data (Java JSON Deserialization) Jackson

wp heyloyalty Remote Code Execution (1.1.4)

Flex BlazeDS AMF Deserialization RCE

Master Popups Remote Code Execution (1.0.0)

Easy Forms for Mailchimp PHP Code Injection (6.5.2)

Severity

High

Classification

CVE-2021-22205 CWE-918 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Tags

Acumonitor Code Execution