GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.
References
Link | Resource |
---|---|
https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/ | Mitigation Release Notes Vendor Advisory |
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html | |
https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/ | Mitigation Release Notes Vendor Advisory |
https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html |
Configurations
Configuration 1 (hide)
|
History
21 Nov 2024, 03:09
Type | Values Removed | Values Added |
---|---|---|
References | () https://about.gitlab.com/2017/08/10/gitlab-9-dot-4-dot-4-released/ - Mitigation, Release Notes, Vendor Advisory | |
References | () https://www.mail-archive.com/linux-kernel%40vger.kernel.org/msg1466490.html - |
07 Nov 2023, 02:38
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Information
Published : 2017-08-14 21:29
Updated : 2024-11-21 03:09
NVD link : CVE-2017-12426
Mitre link : CVE-2017-12426
CVE.ORG link : CVE-2017-12426
JSON object : View
Products Affected
gitlab
- gitlab
CWE
CWE-20
Improper Input Validation