Critical Vulnerability in GitLab

Published on 19 Apr 2021

Updated on 19 Apr 2021

GitLab has released a security update to address a critical vulnerability in its Community Edition (CE) and Enterprise Edition (EE). 

Successful exploitation of the vulnerability could allow an attacker to execute arbitrary code on the server by uploading specially crafted image files. The vulnerability has a Common Vulnerability Scoring System (CVSS) v3.1 score of 9.9 and affects all versions of GitLab CE and EE starting from version 11.9.

Administrators and users running affected GitLab CE or EE versions are advised to upgrade to the latest versions (13.10.3, 13.9.6, or 13.8.8) immediately.
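The version ranges above can be turned into a check that an administrator runs over an inventory of GitLab version strings. This is an added example, not code from GitLab or from this advisory; the function names and sample inventory are hypothetical, and treating release branches newer than 13.10 as patched is an assumption the advisory does not state.

```python
import re

# Values taken from the advisory text: first affected release and the
# fixed patch release for each maintained branch.
FIRST_AFFECTED = (11, 9, 0)
FIXED_BY_BRANCH = {
    (13, 8): (13, 8, 8),
    (13, 9): (13, 9, 6),
    (13, 10): (13, 10, 3),
}
NEWEST_FIXED_BRANCH = max(FIXED_BY_BRANCH)


def parse_version(text):
    """Parse strings such as '13.9.4', 'v13.10.3' or '13.8.7-ee' into a tuple."""
    m = re.match(r"\s*v?(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    return tuple(int(part or 0) for part in m.groups())


def assess(text):
    """Return 'not-affected', 'affected' or 'patched' for a version string."""
    version = parse_version(text)
    if version < FIRST_AFFECTED:
        return "not-affected"
    branch = version[:2]
    if branch in FIXED_BY_BRANCH:
        # A fix exists on this branch: compare against its patch release.
        return "patched" if version >= FIXED_BY_BRANCH[branch] else "affected"
    if branch > NEWEST_FIXED_BRANCH:
        # Assumption (not stated in the advisory): later branches carry the fix.
        return "patched"
    # 11.9 through 13.7: affected, and the advisory names no fixed release
    # on these branches, so the remedy is moving to a fixed branch.
    return "affected"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = {"git-a": "13.8.7-ee", "git-b": "13.10.3", "git-c": "12.10.14"}
    for host, ver in sorted(inventory.items()):
        print(f"{host}: {ver} -> {assess(ver)}")
```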

More information is available here:
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/