GitLab patches RCE bug in GitHub import function


The vulnerability made it possible for attackers to launch numerous attacks on GitLab servers, including the cloud-hosted platform. According to security researcher ‘yvvdwf’, the bug lies in the way GitLab imports data from GitHub and may be used to execute commands on the host server.

GitLab uses the Octokit package, which provides an interface to the GitHub API for importing data. Octokit in turn uses the HTTP client library Sawyer to retrieve and display its results.