GitLab patches RCE bug in GitHub import function
13-Oct-22
GitLab’s vulnerability made it possible for attackers to launch numerous assaults on GitLab servers, including the GitLab.com platform that is housed in the cloud. GitLab imports data from GitHub in a bug that may be used to execute instructions on the host server, according to security researcher ‘yvvdwf’.
GitLab makes use of the Octokit package, which offers a user interface for importing data from the GitHub API. Octokit makes use of the HTTP client library Sawyer to retrieve and display its results. Read More…
