GitLab ExifTool uploaded image command injection
Added: 11/24/2021

Background
GitLab is an open-source software development platform with built-in version control and issue tracking.

Problem
A remote attacker can execute arbitrary commands by uploading a specially crafted image to GitLab, which executes injected Perl code when ExifTool parses DjVu annotations.

Resolution
Upgrade to GitLab 13.8.8, 13.9.6, or 13.10.3 or higher.
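The resolution names three patched releases plus "or higher", which means a version check has to compare per release line (13.8.x, 13.9.x, 13.10.x) as well as against the newest fixed version. The following is an added example, not code from the advisory or from GitLab, that encodes that rule for a fleet inventory check. It assumes that any release line older than 13.8 (for example 13.7.x) has no backported fix and should be treated as vulnerable, which the advisory implies but does not state; the version strings in the sample inventory are constructed.

```python
from typing import Optional, Tuple

# Patched releases listed in the advisory; anything at or above the newest
# of these (13.10.3) is also fixed because of the "or higher" wording.
FIXED_VERSIONS = [(13, 8, 8), (13, 9, 6), (13, 10, 3)]

Version = Tuple[int, int, int]


def parse_version(text: str) -> Version:
    """Parse 'MAJOR.MINOR.PATCH', ignoring an edition suffix such as '-ee'."""
    core = text.strip().split("-")[0]
    parts = core.split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    return (int(parts[0]), int(parts[1]), int(parts[2]))


def is_fixed(version_text: str) -> bool:
    """Return True if this GitLab version contains the ExifTool DjVu fix."""
    v = parse_version(version_text)
    newest_fixed = max(FIXED_VERSIONS)
    if v >= newest_fixed:
        # 13.10.3 itself or any later release (13.11.x, 14.x, ...).
        return True
    for fixed in FIXED_VERSIONS:
        if v[:2] == fixed[:2]:
            # Same release line as a backported fix: compare the patch level.
            return v >= fixed
    # Assumption: release lines older than 13.8 received no backport.
    return False


def recommended_upgrade(version_text: str) -> Optional[str]:
    """Smallest patched release on the same line, or the newest fix if the
    line received no backport. None when the version is already fixed."""
    if is_fixed(version_text):
        return None
    v = parse_version(version_text)
    for fixed in FIXED_VERSIONS:
        if v[:2] == fixed[:2]:
            return ".".join(map(str, fixed))
    return ".".join(map(str, max(FIXED_VERSIONS)))


if __name__ == "__main__":
    # Constructed sample inventory: host name -> reported GitLab version.
    inventory = {
        "git-prod-01": "13.8.2-ee",
        "git-prod-02": "13.9.6",
        "git-lab-01": "13.7.9",
        "git-dev-01": "13.11.0",
    }
    for host, version in inventory.items():
        status = "fixed" if is_fixed(version) else "VULNERABLE"
        target = recommended_upgrade(version)
        hint = f" -> upgrade to {target}" if target else ""
        print(f"{host:<12} {version:<10} {status}{hint}")
```

Versions that are below 13.10.3 but on a patched release line are compared against that line's own fix, so 13.9.6 is reported fixed even though it is numerically lower than 13.10.3, while 13.9.0 is not.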
References

https://gitlab.com/gitlab-org/gitlab/-/issues/327121
https://about.gitlab.com/releases/2021/04/14/security-release-gitlab-13-10-3-released/