CVE-2018-19585

HIGH

GitLab CE/EE <11.3.11-11.5.1 - CRLF Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2018-19585. PoCs published by Norbert Hofmann and Fortunato Lodari.

AI-analyzed exploit summary: This exploit leverages CVE-2018-19585 (combined with CVE-2018-19571) to achieve RCE in GitLab 11.4.7 by abusing Redis deserialization via a crafted project import URL. It sends a reverse shell payload through Redis commands injected into the project creation form.

Description

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

Exploits (2)

exploitdb · WORKING POC
by Norbert Hofmann · python · webapps · ruby
https://www.exploit-db.com/exploits/49334

This exploit leverages CVE-2018-19585 (combined with CVE-2018-19571) to achieve RCE in GitLab 11.4.7 by abusing Redis deserialization via a crafted project import URL. It sends a reverse shell payload through Redis commands injected into the project creation form.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: GitLab 11.4.7 (Community Edition)
Auth required
Prerequisites: Valid GitLab credentials · Network access to target GitLab instance · Redis accessible on default port (6379)
devstral-2 · analyzed Feb 16, 2026
exploitdb · WORKING POC
by Fortunato Lodari · python · webapps · ruby
https://www.exploit-db.com/exploits/49257

This exploit leverages a Redis injection vulnerability in GitLab 11.4.7 to achieve remote code execution by manipulating the project import URL to inject malicious Redis commands, resulting in a reverse shell.

Classification
Working PoC 95%
Attack Type
RCE
Complexity
Moderate
Reliability
Reliable
Target: GitLab 11.4.7
Auth required
Prerequisites: Valid GitLab credentials · authenticity_token · session cookies · access to the target GitLab instance
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Release Notes, Vendor Advisory x_refsource_misc
https://about.gitlab.com/blog/categories/releases/

Scores

CVSS v3 7.5
EPSS 0.1451
EPSS Percentile 96.2%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE
CWE-93
Status published
Products (1)
gitlab/gitlab 8.18.0 - 11.3.11 (2 CPE variants)
Published May 17, 2019
Tracked Since Feb 18, 2026