Lucene search
K

GitLab CE/EE - Remote Code Execution

🗓️ 16 Jun 2026 07:13:51Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 81 Views

GitLab CE/EE Remote Code Execution vulnerability in version 11.9 and late

Related
Code
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for Code Injection in Gitlab
5 Jun 202115:42
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
30 Oct 202111:54
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
29 Oct 202104:15
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
9 Nov 202118:19
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
1 Nov 202315:19
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
4 Nov 202109:01
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
28 Oct 202106:29
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
29 Oct 202104:15
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
19 Nov 202509:50
githubexploit
GithubExploit
Exploit for Code Injection in Gitlab
1 Nov 202106:06
githubexploit
Rows per page
id: CVE-2021-22205

info:
  name: GitLab CE/EE - Remote Code Execution
  author: GitLab Red Team
  severity: critical
  description: GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.
  impact: |
    Successful exploitation of this vulnerability could allow an attacker to execute arbitrary code on the affected GitLab instance.
  remediation: |
    Upgrade to GitLab CE/EE version 13.10.3 or 13.11.1 to mitigate this vulnerability.
  reference:
    - https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-research/cve-2021-22205-hash-generator
    - https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-operations/-/issues/196
    - https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
    - https://censys.io/blog/cve-2021-22205-it-was-a-gitlab-smash/
    - https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
    - https://hackerone.com/reports/1154542
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22205
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2021-22205
    cwe-id: CWE-94
    epss-score: 0.99731
    epss-percentile: 0.99952
    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
  metadata:
    max-request: 1
    vendor: gitlab
    product: gitlab
    shodan-query:
      - http.title:"GitLab"
      - cpe:"cpe:2.3:a:gitlab:gitlab"
      - http.title:"gitlab"
    fofa-query: title="gitlab"
    google-query: intitle:"gitlab"
  tags: cve2021,cve,kev,hackerone,gitlab,rce,vkev,vuln

http:
  - method: GET
    path:
      - "{{BaseURL}}/users/sign_in"

    host-redirects: true
    max-redirects: 3
    matchers:
      - type: word
        words:
          - "015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df"
          - "02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b"
          - "051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce"
          - "08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290"
          - "0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59"
          - "0a5b4edebfcb0a7be64edc06af410a6fbc6e3a65b76592a9f2bcc9afea7eb753"
          - "1084266bd81c697b5268b47c76565aa86b821126a6b9fe6ea7b50f64971fc96f"
          - "14c313ae08665f7ac748daef8a70010d2ea9b52fd0cae594ffa1ffa5d19c43f4"
          - "1626b2999241b5a658bddd1446648ed0b9cc289de4cc6e10f60b39681a0683c4"
          - "20f01320ba570c73e01af1a2ceb42987bcb7ac213cc585c187bec2370cf72eb6"
          - "27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959"
          - "292ca64c0c109481b0855aea6b883a588bd293c6807e9493fc3af5a16f37f369"
          - "2eaf7e76aa55726cc0419f604e58ee73c5578c02c9e21fdbe7ae887925ea92ae"
          - "30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f"
          - "318ee33e5d14035b04832fa07c492cdf57788adda50bb5219ef75b735cbf00e2"
          - "33313f1ff2602ef43d945e57e694e747eb00344455ddb9b2544491a3af2696a1"
          - "335f8ed58266e502d415f231f6675a32bb35cafcbaa279baa2c0400d4a9872ac"
          - "34031b465d912c7d03e815c7cfaff77a3fa7a9c84671bb663026d36b1acd3f86"
          - "3407a4fd892e9d5024f3096605eb1e25cad75a8bf847d26740a1e6a77e45b087"
          - "340c31a75c5150c5e501ec143849adbed26fed0da5a5ee8c60fb928009ea3b86"
          - "38981e26a24308976f3a29d6e5e2beef57c7acda3ad0d5e7f6f149d58fd09d3d"
          - "3963d28a20085f0725884e2dbf9b5c62300718aa9c6b4b696c842a3f4cf75fcd"
          - "39b154eeefef684cb6d56db45d315f8e9bf1b2cc86cf24d8131c674521f5b514"
          - "39fdbd63424a09b5b065a6cc60c9267d3f49950bf1f1a7fd276fe1ece4a35c09"
          - "3b51a43178df8b4db108a20e93a428a889c20a9ed5f41067d1a2e8224740838e"
          - "3cbf1ae156fa85f16d4ca01321e0965db8cfb9239404aaf52c3cebfc5b4493fb"
          - "40d8ac21e0e120f517fbc9a798ecb5caeef5182e01b7e7997aac30213ef367b3"
          - "4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1"
          - "450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54"
          - "455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8"
          - "4568941e60dbfda3472e3f745cd4287172d4e6cce44bed85390af9e4e2112d0b"
          - "45b2cf643afd34888294a073bf55717ea00860d6a1dca3d301ded1d0040cac44"
          - "473ef436c59830298a2424616d002865f17bb5a6e0334d3627affa352a4fc117"
          - "4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2"
          - "4a081f9e3a60a0e580cad484d66fbf5a1505ad313280e96728729069f87f856e"
          - "4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160"
          - "504940239aafa3b3a7b49e592e06a0956ecaab8dbd4a5ea3a8ffd920b85d42eb"
          - "52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c"
          - "530a8dd34c18ca91a31fbae2f41d4e66e253db0343681b3c9640766bf70d8edf"
          - "5440e2dd89d3c803295cc924699c93eb762e75d42178eb3fe8b42a5093075c71"
          - "62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51"
          - "64e10bc92a379103a268a90a7863903eacb56843d8990fff8410f9f109c3b87a"
          - "655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f"
          - "67ac5da9c95d82e894c9efe975335f9e8bdae64967f33652cd9a97b5449216d2"
          - "69a1b8e44ba8b277e3c93911be41b0f588ac7275b91a184c6a3f448550ca28ca"
          - "6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb"
          - "70ce56efa7e602d4b127087b0eca064681ecdd49b57d86665da8b081da39408b"
          - "7310c45f08c5414036292b0c4026f281a73cf8a01af82a81257dd343f378bbb5"
          - "73a21594461cbc9a2fb00fc6f94aec1a33ccf435a7d008d764ddd0482e08fc8d"
          - "77566acc818458515231d0a82c131a42890d771ea998b9f578dc38e0eb7e517f"
          - "78812856e55613c6803ecb31cc1864b7555bf7f0126d1dfa6f37376d37d3aeab"
          - "79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9"
          - "7b1dcbacca4f585e2cb98f0d48f008acfec617e473ba4fd88de36b946570b8b9"
          - "7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5"
          - "81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3"
          - "83dc10f687305b22e602ba806619628a90bd4d89be7c626176a0efec173ecff1"
          - "93ebf32a4bd988b808c2329308847edd77e752b38becc995970079a6d586c39b"
          - "969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e"
          - "9b4e140fad97320405244676f1a329679808e02c854077f73422bd8b7797476b"
          - "9c095c833db4364caae1659f4e4dcb78da3b5ec5e9a507154832126b0fe0f08e"
          - "a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528"
          - "a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9"
          - "ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5"
          - "ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8"
          - "aeddf31361633b3d1196c6483f25c484855e0f243e7f7e62686a4de9e10ec03b"
          - "b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711"
          - "b64a1277a08c2901915525143cd0b62d81a37de0a64ec135800f519cb0836445"
          - "bb1565ffd7c937bea412482ed9136c6057be50356f1f901379586989b4dfe2ca"
          - "be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a"
          - "bec9544b57b8b2b515e855779735ad31c3eacf65d615b4bfbd574549735111e7"
          - "bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4"
          - "bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218"
          - "c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4"
          - "c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c"
          - "d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71"
          - "d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb"
          - "d56f0577fbbbd6f159e9be00b274270cb25b60a7809871a6a572783b533f5a3c"
          - "d812b9bf6957fafe35951054b9efc5be6b10c204c127aa5a048506218c34e40f"
          - "dc6b3e9c0fad345e7c45a569f4c34c3e94730c33743ae8ca055aa6669ad6ac56"
          - "def1880ada798c68ee010ba2193f53a2c65a8981871a634ae7e18ccdcd503fa3"
          - "e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a"
          - "e4b6f040fe2e04c86ed1f969fc72710a844fe30c3501b868cb519d98d1fe3fd0"
          - "eb078ffe61726e3898dc9d01ea7955809778bde5be3677d907cbd3b48854e687"
          - "ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d"
          - "ed4780bb05c30e3c145419d06ad0ab3f48bd3004a90fb99601f40c5b6e1d90fd"
          - "ef53a4f4523a4a0499fb892d9fb5ddb89318538fef33a74ce0bf54d25777ea83"
          - "f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812"
          - "f7d1309f3caef67cb63bd114c85e73b323a97d145ceca7d6ef3c1c010078c649"
          - "f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"
        condition: or

    extractors:
      - type: regex
        group: 1
        regex:
          - '(?:application-)(\S{64})(?:\.css)'
# digest: 4a0a00473045022100b1820b32e6c893ec10f7cc45c15dfa88e6df0bd4026a71a7ad6db7ce4bcea068022009063521f171c0c5f412f3737429e6878f7d8aa857ae1d72f01d3b2894ee05c5:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

04 Feb 2026 07:00Current
8.8High risk
Vulners AI Score8.8
CVSS 27.5
CVSS 3.110
EPSS0.99731
SSVC
81