GitLab patches critical remote code execution bug


A security update for GitLab has been released to fix a serious vulnerability that might result in remote code execution (RCE). According to a GitLab advisory, the flaw might allow a logged-in user to execute code remotely using the “Import from GitHub API” endpoint.

The security flaw, identified as CVE-2022-2884, affects GitLab Community Edition (CE) and Enterprise Edition (EE) versions 11.3.4 through 15.1.5, all versions beginning with 15.2 through 15.2.3, and all versions beginning with 15.3 through 15.3.1. Read More…