Synology-SA-17:43 GitLab

2017-09-08 10:46:10

Severity
Important
Status
Resolved

Abstract

CVE-2017-12426 allows attackers to execute arbitrary commands on a vulnerable version of GitLab via a crafted SSH URL for a project import.

Severity

Affected

  • Products
    • GitLab before 9.4.4-0024
  • Models
    • All Synology models

Description

GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.

Mitigation

None

Update Availability

To fix the security issue, please go to DSM > Package Center and update GitLab to 9.4.4-0024 or above.

Reference