VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published May 13, 2014· Updated May 6, 2026

CVE-2013-4490

CVE-2013-4490

Description

The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.

Affected products

21
  • GitLab Inc./GitLab11 versions
    cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*+ 10 more
    • cpe:2.3:a:gitlab:gitlab:5.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:5.0.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:5.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:5.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:5.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:5.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:6.0.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:6.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:6.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:6.2.1:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:6.2.2:*:*:*:*:*:*:*
  • GitLab Inc./Gitlab Shell10 versions
    cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*+ 9 more
    • cpe:2.3:a:gitlab:gitlab-shell:*:*:*:*:*:*:*:*range: <=1.7.2
    • cpe:2.3:a:gitlab:gitlab-shell:1.0.4:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.1.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.3.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.5.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.7.0:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab-shell:1.7.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

News mentions

0

No linked articles in our index yet.