Gitlab Community Edition version 10.2.4 is vulnerable to a lack of input validation in the GitlabProjectsImportService resulting in remote code execution.
2018-03-21T20:29:00.293
2024-11-21T03:03:53.367
Modified
CVSSv3.0: 9.8 (CRITICAL)
AV:N/AC:L/Au:N/C:P/I:P/A:P
10.0
6.4
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | gitlab | gitlab | ≤ 9.5.10 | Yes |
| Application | gitlab | gitlab | ≤ 9.5.10 | Yes |
| Application | gitlab | gitlab | ≤ 10.1.5 | Yes |
| Application | gitlab | gitlab | ≤ 10.1.5 | Yes |
| Application | gitlab | gitlab | ≤ 10.2.5 | Yes |
| Application | gitlab | gitlab | ≤ 10.2.5 | Yes |
| Application | gitlab | gitlab | ≤ 10.3.3 | Yes |
| Application | gitlab | gitlab | ≤ 10.3.3 | Yes |
| Operating System | debian | debian_linux | 9.0 | Yes |