Description
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
References (3)
Core References
Patch, Vendor Advisory (x_refsource_confirm): https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/
Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/11/11/2
Various Sources (x_refsource_confirm): https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG
Scores
EPSS: 0.0022
EPSS Percentile: 44.4%
Details
Status: published
Products (24)
gitlab/gitlab 5.0.0
gitlab/gitlab 5.0.1
gitlab/gitlab 5.1.0
gitlab/gitlab 5.2.0
gitlab/gitlab 5.3.0
gitlab/gitlab 5.4.0
gitlab/gitlab 5.4.1
gitlab/gitlab 5.4.2
gitlab/gitlab 6.0.0
gitlab/gitlab 6.1.0
... and 14 more
Published: May 13, 2014
Tracked Since: Feb 18, 2026