GitLab has addressed a serious flaw that may have allowed remote code execution by an attacker. All GitLab versions starting from 14.0 prior to 14.10.5, from 15.0 prior to 15.0.4, and from 15.1 prior to 15.1.1 are affected by the flaw, which has been classified as critical.
According to a GitLab advisory, an authenticated user may import a maliciously crafted project, resulting in remote code execution. The most recent version provides a patch for the bug (CVE-2022-2185).