Critical severity9.8NVD Advisory· Published Jul 18, 2018· Updated Jun 17, 2026
CVE-2018-14364
CVE-2018-14364
Description
GitLab Community and Enterprise Edition before 10.7.7, 10.8.x before 10.8.6, and 11.x before 11.0.4 allows Directory Traversal with write access and resultant remote code execution via the GitLab projects import component.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
6- Range: <10.7.7, 10.8.x<10.8.6, 11.x<11.0.4
- Range: <10.7.7, 10.8.x<10.8.6, 11.x<11.0.4
- osv-coords4 versionspkg:apk/chainguard/gitlab-operatorpkg:apk/chainguard/gitlab-operator-chartspkg:apk/chainguard/gitlab-operator-compatpkg:apk/chainguard/gitlab-operator-fips
< 0+ 3 more
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
- (no CPE)range: < 0
Patches
Vulnerability mechanics
References
3- gitlab.com/gitlab-org/gitlab-ce/issues/49133nvdExploitVendor Advisory
- hackerone.com/reports/378148nvdExploitThird Party Advisory
- about.gitlab.com/2018/07/17/critical-security-release-gitlab-11-dot-0-dot-4-released/nvdVendor Advisory
News mentions
0No linked articles in our index yet.