CISA Known Exploited Vulnerability
This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.
Remediation Deadline: Nov 17, 2021
High
CISA KEVRansomwareCVE-2021-22205
GitLab—Community and Enterprise Editions
GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.
Required Action
https://nvd.nist.gov/vuln/detail/CVE-2021-22205
Vulnerability Overview
- Severity
- High
- CISA KEV
- Yes
- Ransomware
- Known
- Published
- Nov 3, 2021
- KEV Added
- Nov 3, 2021
- Due Date
- Nov 17, 2021
- Related Articles
- 0
Vendor
GitLab
Community and Enterprise Editions