PT-2021-4979 · Gitlab · Gitlab
Vakzz · Published 2021-04-23 · Updated 2026-01-19
CVE-2021-22205
CVSS v3.1: 10 (Critical)
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
GitLab versions 11.9 through 13.10.2
GitLab CE/EE versions prior to 14.0
Description
The vulnerability stems from insufficient input validation when GitLab parses uploaded image files, allowing remote command execution. It has been exploited in real-world incidents, including a financially motivated operation called "LABRAT" that involves cryptomining and proxyjacking. That operation uses specially crafted image files to gain control of vulnerable GitLab servers, which are then used for malicious activities such as DDoS attacks and selling access to the compromised systems.
Recommendations
For GitLab versions 11.9 through 13.10.2, update to version 14.0 or later to resolve the issue.
For GitLab CE/EE versions prior to 14.0, update to version 14.0 or later to resolve the issue.
As a temporary workaround until the update is applied, consider restricting who can upload image files or disabling the image parsing functionality.
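An added example, not part of this advisory and not GitLab's own code: a small Python inventory check that classifies a GitLab version string against the ranges stated above (11.9 through 13.10.2 affected; anything before 14.0 should be updated). The sample inventory is constructed, and the shape of the `/api/v4/version` response (`{"version": "...", "revision": "..."}`) is an assumption based on GitLab's public API documentation.

```python
import json
import re
from typing import Dict, Tuple

# Ranges as stated in this advisory (assumed to be inclusive on both ends)
AFFECTED_LOWER = (11, 9, 0)    # GitLab 11.9
AFFECTED_UPPER = (13, 10, 2)   # GitLab 13.10.2
FIXED_MAJOR = 14               # "update to version 14.0 or later"

_VERSION_RE = re.compile(r"^\s*v?(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(text: str) -> Tuple[int, int, int]:
    """Turn '13.10.1', '13.10.1-ee' or '13.10.1-rc1' into (major, minor, patch).
    Edition and pre-release suffixes are ignored for the range comparison."""
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.group(1), match.group(2), match.group(3) or "0"
    return (int(major), int(minor), int(patch))


def classify(version_text: str) -> str:
    """Classify a version against the advisory:
    'affected'           - inside the stated 11.9 .. 13.10.2 range
    'update_recommended' - before 14.0 but outside that range (advisory still says update)
    'not_affected'       - 14.0 or later
    """
    version = parse_version(version_text)
    if version[0] >= FIXED_MAJOR:
        return "not_affected"
    if AFFECTED_LOWER <= version <= AFFECTED_UPPER:
        return "affected"
    return "update_recommended"


def classify_api_response(body: str) -> str:
    """Classify the JSON body returned by GET /api/v4/version (assumed response shape)."""
    data = json.loads(body)
    return classify(data["version"])


def check_inventory(inventory: Dict[str, str]) -> Dict[str, str]:
    """Map host -> classification for a host -> version inventory."""
    return {host: classify(version) for host, version in inventory.items()}


# Constructed sample inventory: hostnames and versions are made up for illustration.
SAMPLE_INVENTORY = {
    "git-a.example.internal": "13.10.1-ee",
    "git-b.example.internal": "13.10.3",
    "git-c.example.internal": "14.0.2",
    "git-d.example.internal": "11.8.9",
}

# Constructed sample of what the version endpoint might return.
SAMPLE_API_BODY = '{"version": "13.10.2-ee", "revision": "deadbeef"}'

if __name__ == "__main__":
    for host, status in sorted(check_inventory(SAMPLE_INVENTORY).items()):
        print(f"{host:30} {SAMPLE_INVENTORY[host]:12} {status}")
    print("api sample:", classify_api_response(SAMPLE_API_BODY))
```

Hosts reported as `affected` or `update_recommended` both fall under the advisory's "update to 14.0 or later"; the two labels only separate the explicitly stated range from the broader "prior to 14.0" statement so the output can be reconciled against a vendor bulletin.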
Exploit
Fix
Code Injection
RCE
Related Identifiers
Affected Products
Gitlab