CVE-2018-19585

Published: May 17, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 11.4.0 to 11.4.8
Gitlab Gitlab	From 11.5.0 to 11.5.1
Gitlab Gitlab	From 8.18.0 to 11.3.11
Gitlab Gitlab	From 11.4.0 to 11.4.8
Gitlab Gitlab	From 11.5.0 to 11.5.1
Gitlab Gitlab	From 8.18.0 to 11.3.11

Related CWEs

Improper Neutralization of CRLF Sequences ('CRLF Injection')

The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs.

References (8)

http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html

Source: cve@mitre.org

http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html

Source: cve@mitre.org

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

Source: cve@mitre.org

Release NotesVendor Advisory

https://about.gitlab.com/blog/categories/releases/

Source: cve@mitre.org

Release NotesVendor Advisory

http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://about.gitlab.com/blog/categories/releases/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.