Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2021-22205 PoC — GitLab 代码注入漏洞

Source
https://github.com/projectdiscovery/nuclei-templates/blob/main/http/vulnerabilities/gitlab/gitlab-rce.yaml
Associated Vulnerability
Title:GitLab 代码注入漏洞 (CVE-2021-22205)
Description:GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 Gitlab Community Edition 存在代码注入漏洞,该漏洞源于图像解析器在处理图像文件时输入验证不正确。以下产品及版本受到影响::Gitlab Community Edition: 11.9.0, 11.9.1, 11.9.2, 11.9.3, 11.9.4, 11.9.5, 11.9.6, 11.9.7, 11.9.8, 11.9.9, 11
Description
GitLab CE/EE contains a vulnreability which allows a specially crafted image passed to a file parser to perform a command execution attack. Versions impacted are between 11.9-13.8.7, 13.9-13.9.5, and 13.10-13.10.2.
File Snapshot

 id: gitlab-rce

info:
  name: GitLab CE/EE Unauthenticated RCE Using ExifTool
  author: pdteam
  sev

...
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.