CVE-2013-4489
GitLab 5.2-5.4.1 and 6.x-6.2.3 - Authenticated Remote Code Execution via Grit Gem Search Feature
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code search feature.
References (1)
Patch, Vendor Advisory (x_refsource_confirm): https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/
Scores
EPSS: 0.0020
EPSS Percentile: 42.0%
Details
Status: published
Products (9)
gitlab/gitlab: 5.2.0
gitlab/gitlab: 5.3.0
gitlab/gitlab: 5.4.0
gitlab/gitlab: 6.0.0
gitlab/gitlab: 6.1.0
gitlab/gitlab: 6.2.0
gitlab/gitlab: 6.2.1
gitlab/gitlab: 6.2.2
rubygems/gitlab-grit: 0 - 2.6.1 (RubyGems)
Published: May 17, 2014
Tracked Since: Feb 18, 2026