GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
CVSS v3.0 Score: 8.8 / 10.0 (HIGH)
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Information
- Published: 14 August 2017
- Updated: 20 April 2025
- Status: Deferred
- Source: cve@mitre.org
Affected products
gitlab gitlab
Versions: 8.17.7, 9.0.0, 9.0.1, 9.0.2, 9.0.3
Weaknesses (CWE)
CWE-20
References (4)
- https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/ (Mitigation, Release Notes, Vendor Advisory)