PRIVATE_FEEDS/CVE_VULN_FEED/CVE-2021-20210415_-gitlab_rce-cve-2021-20210415/alert_text.md

Date: 2021-04-15

GitLab Critical Security Release: An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9 which could lead to remote command execution, CVSS: 9.9

Patches for all supported versions are available and should be applied.

a CVE is not yet assigned.

CVE : CVE-2021-NOT YET ASSIGNED Vendor : Gitlab Product : Gitlab CPE : BaseScore : 9.9 Vector : AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Patches : available Exploits : unknown

we found various IPs in your ORG/ASN, matching criteria for possible vulnerable systems

False-Positive-Level: Low

please find a list of affected IPs below and more information on that problem here:

References:

• https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/#Remote-code-execution-when-uploading-specially-crafted-image-files