GitLab patches RCE bug in GitHub import function

13-Oct-22

The vulnerability made it possible for attackers to launch a range of attacks on GitLab servers, including the cloud-hosted GitLab.com platform. According to security researcher ‘yvvdwf’, a bug in the way GitLab imports data from GitHub may be used to execute commands on the host server.

GitLab makes use of the Octokit package, which offers an interface for importing data from the GitHub API. Octokit in turn uses the HTTP client library Sawyer to retrieve and display its results.