GitLab Wiki API Attachments Command Injection (CVE-2018-18649)

A remote code execution vulnerability has been reported in GitLab Wiki API. The vulnerability is due to improper validation of parameters when uploading files to the Wiki repository via the Wiki API. A remote, authenticated attacker can exploit the vulnerability by sending a crafted request to th...

CVE-2018-18649

An issue was discovered in the wiki API in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for remote code execution...