An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9 through 13.8.8 / 13.9.6 / 13.10.3. This is the result of improper validation of image files by a 3rd-party file parser Exif-Tool, resulting in a remote command execution.
No source data