CVE-2021-22205
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
Severity: CRITICAL
CVE ID: CVE-2021-22205
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-22205
Refrence: Project Discovery GitHub
mr-r3bot
Refrence: GitHub
XTeam-Wing
Pocsuite3 For CVE-2021-22205
Refrence: GitHub
r0eXpeR
CVE-2021-22205 Unauthorized RCE
Refrence: GitHub
antx-code
Gitlab CE/EE RCE 未授权远程代码执行漏洞 POC && EXP CVE-2021-22205
Refrence: GitHub
Al1ex
CVE-2021-22205& GitLab CE/EE RCE
Refrence: GitHub
whwlsfb
CVE-2021-22205 Gitlab 未授权远程代码执行漏洞 EXP, 移除了对djvumake & djvulibre的依赖,可在win平台使用
Refrence: GitHub
findneo
PoC in single line bash
Refrence: GitHub
Seals6
CVE-2021-22205未授权漏洞批量检测与利用工具
Refrence: GitHub
c0okB
CVE-2021-22205 RCE
Refrence: GitHub
shang159
CVE-2021-22205-getshell
Refrence: GitHub
devdanqtuan
CVE-2021-22205& GitLab CE/EE RCE
Refrence: GitHub
hh-hunter
Refrence: GitHub
runsel
Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution
Refrence: GitHub
faisalfs10x
Refrence: GitHub
inspiringz
GitLab CE/EE Preauth RCE using ExifTool
Refrence: GitHub
pizza-power
A CVE-2021-22205 Gitlab RCE POC written in Golang
Refrence: GitHub
DIVD-NL
NSE script to fingerprint if GitLab is vulnerable to cve-2021-22205-nse
Refrence: GitHub
w0x68y
CVE-2021-22205 的批量检测脚本
Refrence: GitHub
al4xs
Refrence: GitHub
honypot
Refrence: GitHub
momika233
GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated) cve-2021-22205
Refrence: GitHub
keven1z
CVE-2021-22205 检测脚本,支持getshell和命令执行
Refrence: GitHub
hhhotdrink
Refrence: GitHub
sei-fish
Refrence: GitHub
overgrowncarrot1
Refrence: GitHub
Hikikan
Refrence: GitHub
NukingDragons
A simple bash script that exploits CVE-2021-22205 against vulnerable instances of gitlab
Refrence: GitHub
Content on GitHub
Qclover | watchers:0
Gitlab_RCE_CVE_2021_22205
Refrence: GitHub
34zY | watchers:2
APT-Backpack
cve-2019-11510, cve-2019-19781, cve-2020-5902, cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021-26855, cve-2021-26857, cve-2021–26857, cve-2021–26858, cve-2021–26865
Refrence: GitHub
CLincat | watchers:105
vulcat
vulcat可用于扫描Web端常见的CVE、CNVD等编号 的漏洞,发现漏洞时会返回Payload信息。部分漏洞还支持命令行交互模式,可以持续利用漏洞
Refrence: GitHub