VYPR
Unrated severityNVD Advisory· Published Aug 8, 2024· Updated Sep 17, 2024

Improper Control of Generation of Code ('Code Injection') in GitLab

CVE-2024-3958

Description

An issue has been discovered in GitLab CE/EE affecting all versions before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. An issue was found that allows someone to abuse a discrepancy between the Web application display and the git command line interface to social engineer victims into cloning non-trusted code.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 0
    • (no CPE)range: >=16.0.0 <17.0.6, >=17.1.0 <17.1.4, >=17.2.0 <17.2.2
  • osv-coords
    Range: < 17.0.6

Patches

Vulnerability mechanics

References

2

News mentions

1