ID:5132 - Exploit for CRLF injection in Gitlab Community Edition - CVE-2018-19585

CSH
CYBERSECURITY HELP
Sign In REGISTER
 
Main Vulnerability Database Exploits ID:5132 - Exploit for CRLF injection in Gitlab Community Edition - CVE-2018-19585

ID:5132 - Exploit for CRLF injection in Gitlab Community Edition - CVE-2018-19585

Published: February 9, 2021


Vulnerability identifier: #VU31064
Vulnerability risk: Medium
CVE-ID: CVE-2018-19585
CWE-ID: CWE-93
Exploitation vector: Remote access
Vulnerable software:
Gitlab Community Edition

Link to public exploit:


Vulnerability description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.


Remediation

Install update from vendor's website.