漏洞描述
GitLab是一款Ruby开发的Git项目管理平台。在11.9以后的GitLab中,因为使用了图片处理工具ExifTool而受到漏洞CVE-2021-22204的影响,攻击者可以通过一个未授权的接口上传一张恶意构造的图片,进而在GitLab服务器上执行任意命令。
GitLab 远程命令执行漏洞(CVE-2021-22205)
PoC代码
暂无相关漏洞推荐
- gitlab-api-user-enum: GitLab - User Information Disclosure Via Open API
- POC CVE-2024-45409: GitLab - SAML Authentication Bypass
- POC CVE-2025-25291: GitLab - SAML Authentication Bypass
- POC CVE-2019-6793: GitLab Enterprise Edition - Server-Side Request Forgery
- POC CVE-2020-2096: Jenkins Gitlab Hook <=1.4.2 - Cross-Site Scripting
- POC CVE-2020-26413: Gitlab CE/EE 13.4 - 13.6.2 - Information Disclosure
- POC CVE-2021-22205: GitLab CE/EE - Remote Code Execution
- POC CVE-2021-22214: Gitlab CE/EE 10.5 - Server-Side Request Forgery
- POC CVE-2021-4191: GitLab GraphQL API User Enumeration
- POC CVE-2022-0735: GitLab CE/EE - Information Disclosure
- POC CVE-2022-1162: GitLab CE/EE - Hard-Coded Credentials
- POC CVE-2022-2185: GitLab CE/EE - Remote Code Execution
- POC CVE-2023-2825: GitLab 16.0.0 - Path Traversal