CVSS2
Attack Vector : NETWORK
Attack Complexity : LOW
Authentication : NONE
Confidentiality Impact : PARTIAL
Integrity Impact : PARTIAL
Availability Impact : PARTIAL
Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : CHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS
Percentile : 99.9%
Severity: Critical
Date : 2021-04-29
CVE-ID : CVE-2021-22205 CVE-2021-28965
Package : gitlab
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-1822
Summary : The package gitlab before version 13.10.3-1 is vulnerable to multiple
issues including arbitrary code execution and incorrect calculation.
Resolution : Upgrade to 13.10.3-1.
The problems have been fixed upstream in version 13.10.3.
Workaround : None.
Description : An issue has been discovered in GitLab CE/EE affecting all versions
starting from 11.9. GitLab was not properly validating image files that
were passed to a file parser, which resulted in remote command
execution. The issue is fixed in GitLab versions 13.10.3, 13.9.6 and
13.8.8.
When parsing and serializing a crafted XML document, the REXML gem
(including the one bundled with Ruby) can create a wrong XML document
whose structure is different from the original one. The impact of this
issue highly depends on context, but it may lead to a vulnerability in
some programs that are using REXML. The issue is fixed in version 3.2.5
of the REXML gem.
Impact : An attacker can crash or execute arbitrary code on the affected server
by providing a maliciously crafted XML or image file.
References :
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/#Remote-code-execution-when-uploading-specially-crafted-image-files
https://gitlab.com/gitlab-org/gitlab/-/issues/327121
https://hackerone.com/reports/1154542
https://www.ruby-lang.org/en/news/2021/04/05/xml-round-trip-vulnerability-in-rexml-cve-2021-28965/
https://hackerone.com/reports/1104077
https://github.com/ruby/rexml/commit/a659c63e37414506dfb0d4655e031bb7a2e73fc8
https://github.com/ruby/rexml/commit/2fe62e29094d95921d7e19abbd2e26b23d78dc5b
https://github.com/ruby/rexml/commit/6a250d2cd1194c2be72becbdd9c3e770aa16e752
https://github.com/ruby/rexml/commit/f7bab8937513b1403cea5aff874cbf32fd5e8551
https://github.com/ruby/rexml/commit/f9d88e4948b4a43294c25dc0edb16815bd9d8618
https://github.com/ruby/rexml/commit/9b311e59ae05749e082eb6bbefa1cb620d1a786e
https://github.com/ruby/rexml/commit/3c137eb119550874b2b3e27d12b733ca67033377
https://security.archlinux.org/CVE-2021-22205
https://security.archlinux.org/CVE-2021-28965