COOEY // HUBcompliance · community · intelligence

Exposures › CVE-2021-22205

CVE-2021-22205

Severity
critical · on CISA KEV actively exploited
Source
CISA-KEV · kev
Published
2021-11-03
Reference
https://nvd.nist.gov/vuln/detail/CVE-2021-22205
⚡ RCE ⌖ exploited in the wild shame 95/100 ransomwarerceexploited-in-wild

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Players implicated

GitLab · vendorCommunity and Enterprise Editions · product

Description

GitHub Community and Enterprise Editions that utilize the ability to upload images through GitLab Workhorse are vulnerable to remote code execution. Workhorse passes image file extensions through ExifTool, which improperly validates the image files.

Affected FedRAMP products 0 in the catalog

No correlated FedRAMP products.