Main Vulnerability Database Vulnerabilities #VU57929

#VU57929 Input validation error in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-39908

Published: November 4, 2021

Vulnerability identifier: #VU57929

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2021-39908

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Gitlab Community Edition
GitLab Enterprise Edition

Software vendor:
GitLab, Inc

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to insufficient validation of user-supplied input. A remote authenticated attacker can abuse certain Unicode characters to commit malicious code into projects without being noticed in merge request or source code viewer UI.

Remediation

Install updates from vendor's website.

External links

https://about.gitlab.com/releases/2021/10/28/security-release-gitlab-14-4-1-released/

#VU57929 Input validation error in Gitlab Community Edition and GitLab Enterprise Edition - CVE-2021-39908

Description

Remediation

External links

Please verify you're human