GitLab Remote Code Execution Vulnerability
Mar 22, 2021 GMT+08:00
GitLab has officially disclosed a major remote code execution vulnerability in all GitLab CE/EE versions since version 13.2. Attackers who have not been authenticated can exploit this vulnerability to execute arbitrary code on servers.
If you are a GitLab user, check your system and implement timely security hardening.
For more information about this vulnerability, visit the following website:
(Severity: low, moderate, important, and critical)
III. Affected Products
GitLab CE/EE after 13.8.6 and before 13.9.4
Gitlab CE/EE after 13.7.9 and before 13.8.6
Gitlab CE/EE before 13.7.9
GitLab CE/EE 13.9.4
GitLab CE/EE 13.8.6
GitLab CE/EE 13.7.9
IV. Vulnerability Handling
This vulnerability has been fixed in the latest official version. If your service version falls into the affected range, upgrade it to the latest secure version.
Note: Before fixing vulnerabilities, back up your files and conduct a thorough test.