GitLab is an open-source repository management system. It uses Git as its code management tool and provides access to public or private projects through a web interface. On March 16th, GitLab officially issued a security notice to fix a GitLab code execution vulnerability in the Community Edition (CE) and Enterprise Edition (EE), with a CVSS score of 9.9. An unauthorized but authenticated attacker can use controllable markdown rendering options to construct malicious requests that execute arbitrary code on the server.
Affected versions:
- GitLab CE/EE < 13.9.4
- GitLab CE/EE < 13.8.6
- GitLab CE/EE < 13.7.9

Unaffected versions:
- GitLab CE/EE 13.9.4
- GitLab CE/EE 13.8.6
- GitLab CE/EE 13.7.9
At present, GitLab has fixed the vulnerability in the latest version. Please upgrade GitLab to an unaffected version as soon as possible.
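To triage a fleet against the version lists above, the following added example (not part of GitLab's notice or the original post) classifies reported version strings per 13.x branch and returns the upgrade target for each affected host. The host names are constructed, and the handling of branches older than 13.7 or newer than 13.9 is an assumption noted in the comments.

```python
import re

# Patch level that fixes each 13.x branch, from the version lists above.
FIXED_PATCH = {(13, 9): 4, (13, 8): 6, (13, 7): 9}
OLDEST_FIXED_BRANCH = min(FIXED_PATCH)  # (13, 7)

# Accepts "13.9.3", "v13.8.5", "13.8.5-ee", "13.9.3-ce.0"; the suffix is ignored.
_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)\.(\d+)(?:[-+.~]\S*)?\s*$")


def parse_version(text):
    """Return (major, minor, patch) as ints, or raise ValueError."""
    match = _VERSION_RE.match(text)
    if match is None:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part) for part in match.groups())


def classify(text):
    """Return (status, upgrade_target) for one reported version string."""
    major, minor, patch = parse_version(text)
    branch = (major, minor)
    if branch in FIXED_PATCH:
        fixed = FIXED_PATCH[branch]
        if patch < fixed:
            return "affected", f"{major}.{minor}.{fixed}"
        return "not_affected", None
    if branch < OLDEST_FIXED_BRANCH:
        # Assumption: "< 13.7.9" also covers branches older than 13.7, which
        # have no listed fix of their own, so the target is 13.7.9.
        return "affected", "13.7.9"
    # Assumption: branches newer than 13.9 are outside the affected ranges.
    return "not_affected", None


def audit(inventory):
    """Return {host: upgrade_target} for every affected host."""
    results = {host: classify(ver) for host, ver in inventory.items()}
    return {h: tgt for h, (status, tgt) in results.items() if status == "affected"}


# Constructed inventory (hypothetical hosts) for illustration.
SAMPLE_INVENTORY = {
    "gitlab-a.example.internal": "13.9.3-ee",
    "gitlab-b.example.internal": "13.8.6-ce.0",
    "gitlab-c.example.internal": "13.6.2",
}

if __name__ == "__main__":
    print(audit(SAMPLE_INVENTORY))
```

Strings that do not contain a full major.minor.patch version raise `ValueError`, so an unreadable inventory entry is surfaced instead of being silently treated as safe.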
The post GitLab Remote Code Execution Vulnerability Alert appeared first on InfoTech News.