Alert: Hacker exploit Gitlab remote command execution vulnerability (CVE-2021-22205) in the wild

GitLab is a fully integrated software development platform based on Git. Gitlab remote command execution vulnerability (CVE-2021-22205) was disclosed in the security update bulletin issued by Gitlab on April 14, 2021. It has appeared in the wild attack and exploited on the Internet. Since Gitlab did not correctly verify the image file passed to the parser, the attacker using the vulnerability to upload a specially crafted image file can lead to remote code execution. Currently, the vulnerability POC has been disclosed and the risk is high.
Gitlab google cloud

Affected version

  • 11.9 <=  GitLab(CE/EE)< 13.8.8
  • 13.9 <=  GitLab(CE/EE)< 13.9.6
  • 13.10 <= GitLab(CE/EE)< 13.10.3

Unaffected version

  • GitLab(CE/EE) 13.8.8
  • GitLab(CE/EE) 13.9.6
  • GitLab(CE/EE) 13.10.3

Solution

At present, GitLab has fixed the vulnerability in the new version, please upgrade to the unaffected version as soon as possible.