CVE-2021-22205

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files passed to a file parser, which resulted in remote command execution.

GitLab Inc.
Severity: CRITICAL
CVE ID: CVE-2021-22205
CVSS Score: 10.0
CVSS Metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Reference: NVD, MITRE

Proof Of Concept

Nuclei Templates for CVE-2021-22205
mr-r3bot

Reference: GitHub

XTeam-Wing

Pocsuite3 For CVE-2021-22205

Reference: GitHub

r0eXpeR

CVE-2021-22205 Unauthorized RCE

Reference: GitHub

antx-code

Gitlab CE/EE RCE unauthenticated remote code execution vulnerability POC && EXP CVE-2021-22205

Reference: GitHub

Al1ex

CVE-2021-22205& GitLab CE/EE RCE

Reference: GitHub

whwlsfb

CVE-2021-22205 Gitlab unauthenticated remote code execution vulnerability EXP, with the dependency on djvumake & djvulibre removed so it can be used on the Windows platform

Reference: GitHub

findneo

PoC in single line bash

Reference: GitHub

Seals6

CVE-2021-22205 unauthenticated vulnerability batch detection and exploitation tool

Reference: GitHub

c0okB

CVE-2021-22205 RCE

Reference: GitHub

shang159

CVE-2021-22205-getshell

Reference: GitHub

devdanqtuan

CVE-2021-22205& GitLab CE/EE RCE

Reference: GitHub

hh-hunter

Reference: GitHub

runsel

Exploit for GitLab CVE-2021-22205 Unauthenticated Remote Code Execution

Reference: GitHub

faisalfs10x

Reference: GitHub

inspiringz

GitLab CE/EE Preauth RCE using ExifTool

Reference: GitHub

pizza-power

A CVE-2021-22205 Gitlab RCE POC written in Golang

Reference: GitHub

DIVD-NL

NSE script to fingerprint if GitLab is vulnerable to cve-2021-22205-nse

Reference: GitHub

w0x68y

Batch detection script for CVE-2021-22205

Reference: GitHub

al4xs

Reference: GitHub

honypot

Reference: GitHub

momika233

GitLab 13.10.2 - Remote Code Execution (RCE) (Unauthenticated) cve-2021-22205

Reference: GitHub

keven1z

CVE-2021-22205 detection script, supports getshell and command execution

Reference: GitHub

hhhotdrink

Reference: GitHub

sei-fish

Reference: GitHub

overgrowncarrot1

Reference: GitHub

Hikikan

Reference: GitHub

NukingDragons

A simple bash script that exploits CVE-2021-22205 against vulnerable instances of gitlab

Reference: GitHub

Content on GitHub

Qclover | watchers:0

Gitlab_RCE_CVE_2021_22205

Reference: GitHub

34zY | watchers:2

APT-Backpack
cve-2019-11510, cve-2019-19781, cve-2020-5902, cve-2021-1497, cve-2021-20090, cve-2021-22006, cve-2021-22205, cve-2021-26084, cve-2021-26855, cve-2021-26857, cve-2021-26857, cve-2021-26858, cve-2021-26865

Reference: GitHub

CLincat | watchers:105

vulcat
vulcat can be used to scan for common web-side vulnerabilities with CVE, CNVD and other identifiers; when a vulnerability is found it returns the Payload information. Some vulnerabilities also support an interactive command-line mode for continued exploitation.

Reference: GitHub