6 matches found
GitLab 13.2 < 13.7.9 / 13.8 < 13.8.6 / 13.9 < 13.9.4 (CVE-2021-22192)
The version of GitLab installed on the remote host is affected by a vulnerability, as follows: - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server. CVE-2021-22192 Note that Nessu...
[ASA-202103-13] gitlab: arbitrary code execution
Arch Linux Security Advisory ASA-202103-13 ========================================== Severity: Critical Date : 2021-03-25 CVE-ID : CVE-2021-22192 Package : gitlab Type : arbitrary code execution Remote : Yes Link : https://security.archlinux.org/AVG-1710 Summary ======= The package gitlab before...
CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server...
CVE-2021-22192
An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 allowing unauthorized authenticated users to execute arbitrary code on the server...
CVE-2021-22192
CVE-2021-22192 affects GitLab CE/EE (from version 13.2 onward): an authenticated user can execute arbitrary code on the server due to unsafe/unsupported markdown rendering. Public sources describe RCE via user-controlled Markdown rendering options; OSS and security advisories confirm the vulnerab...
GitLab 未授权RCE漏洞(CVE-2021-22192)
When rendering wiki content with certain extensions such as .rmd, renderwikicontent will call othermarkupunsafe which will end up calling GitHub::Markup.render from the github-markup gem. Files with any extension can be uploaded by checking out the wiki with git, commiting the files and pushing t...