CVE-2013-4582

Name of the Vulnerable Software and Affected Versions: GitLab versions 5.0 through 5.4.2 GitLab Community Edition versions prior to 6.2.4 GitLab Enterprise Edition versions prior to 6.2.1 gitlab-shell versions prior to 1.7.8

Description: The issue allows remote authenticated users to include information from local files into the metadata of a Git repository via the web interface. This is due to vulnerabilities in the create branch, create tag, import project, and fork project functions in lib/gitlab projects.rb.

Recommendations: For GitLab versions 5.0 through 5.4.2, update to version 5.4.2 or later. For GitLab Community Edition versions prior to 6.2.4, update to version 6.2.4 or later. For GitLab Enterprise Edition versions prior to 6.2.1, update to version 6.2.1 or later. For gitlab-shell versions prior to 1.7.8, update to version 1.7.8 or later.