Vulnerability Database

300,445

Total vulnerabilities in the database

CVE-2021-22205

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.

Published: Apr 23, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22205
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 10
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-94

Affected Software
References

Software	From	Fixed in
gitlab / gitlab	13.10.0	13.10.3
gitlab / gitlab	13.9.0	13.9.6
gitlab / gitlab	11.9.0	13.8.8

http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
https://gitlab.com/gitlab-org/gitlab/-/issues/327121
https://hackerone.com/reports/1154542

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo