GitLab Remote Code Execution Vulnerability Alert
GitLab is an open-source repository management system. It uses Git as its code management tool and provides access to public or private projects through a web interface. On March 16th, GitLab officially issued a security notice fixing a code execution vulnerability in the Community Edition (CE) and Enterprise Edition (EE), with a CVSS score of 9.9. An unauthorized but authenticated attacker can use controllable markdown rendering options to construct malicious requests that execute arbitrary code on the server.
Affected versions
- GitLab CE/EE < 13.9.4
- GitLab CE/EE < 13.8.6
- GitLab CE/EE < 13.7.9
Unaffected versions
- GitLab CE/EE 13.9.4
- GitLab CE/EE 13.8.6
- GitLab CE/EE 13.7.9
Solution
GitLab has fixed the vulnerability in the latest version. Upgrade GitLab to an unaffected version as soon as possible.
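
The version lists above are per release branch, so a single "less than 13.9.4" comparison would wrongly flag 13.8.6 and 13.7.9. The following is an added example, not part of the original notice or of GitLab's tooling, that checks a version string against the fixed patch level of its own branch. The function names and the sample inventory are constructed; treating branches older than 13.7 as affected and branches newer than 13.9 as fixed is an assumption.

```python
import re

# Fixed patch level per release branch, taken from the lists in this notice.
FIXED = {(13, 9): 4, (13, 8): 6, (13, 7): 9}
OLDEST_FIXED_BRANCH = min(FIXED)  # (13, 7)


def parse_version(text):
    """Return (major, minor, patch) from strings such as '13.8.5-ee'."""
    m = re.match(r"\s*v?(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in m.groups())


def is_affected(text):
    """True if the version is below the fixed patch level of its branch."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED:
        return patch < FIXED[branch]
    # Assumption: branches older than 13.7 fall under "< 13.7.9" (no fix listed).
    if branch < OLDEST_FIXED_BRANCH:
        return True
    # Assumption: branches newer than 13.9 already contain the fix.
    return False


def upgrade_target(text):
    """Lowest unaffected version listed in the notice, or None if not affected."""
    if not is_affected(text):
        return None
    major, minor, _ = parse_version(text)
    branch = (major, minor) if (major, minor) in FIXED else OLDEST_FIXED_BRANCH
    return "%d.%d.%d" % (branch[0], branch[1], FIXED[branch])


if __name__ == "__main__":
    # Constructed inventory: host name -> reported GitLab version string.
    inventory = {
        "gitlab-a": "13.9.3-ee",
        "gitlab-b": "13.8.6",
        "gitlab-c": "13.6.2",
    }
    for host, version in inventory.items():
        target = upgrade_target(version)
        status = f"AFFECTED, upgrade to >= {target}" if target else "ok"
        print(f"{host:10} {version:12} {status}")
```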