The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
CVSS v2.0 Score
6.5 / 10.0 (MEDIUM)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Information
- Published: 17 May 2014
- Updated: 12 Apr. 2025
- Status: Deferred
- Source: secalert@redhat.com
Affected products
gitlab gitlab
Versions: 5.2.0, 5.3.0, 5.4.0, 6.0.0, 6.1.0
Weaknesses (CWE)
NVD-CWE-Other
References
- https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/ (Patch, Vendor Advisory)