Main Vulnerability Database Vulnerabilities #VU31064

#VU31064 CRLF injection in Gitlab Community Edition - CVE-2018-19585

Published: May 17, 2019 / Updated: June 17, 2021

Vulnerability identifier: #VU31064

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:P/U:Green

CVE-ID: CVE-2018-19585

CWE-ID: CWE-93

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Gitlab Community Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote non-authenticated attacker to manipulate data.

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

Remediation

Install update from vendor's website.

External links

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
https://about.gitlab.com/blog/categories/releases/

#VU31064 CRLF injection in Gitlab Community Edition - CVE-2018-19585

Description

Remediation

External links

Please verify you're human