Unrated severity · NVD Advisory · Published Aug 22, 2024 · Updated Sep 17, 2024
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
CVE-2024-7110
Description
An issue was discovered in GitLab EE affecting all versions starting from 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1, which allows an attacker to execute arbitrary commands in a victim's pipeline through prompt injection.
Affected products
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* (range: 17.1)
- (no CPE) range: >=17.0, <=17.1.6 || >=17.2, <17.2.4 || >=17.3, <17.3.1
References
- gitlab.com/gitlab-org/gitlab/-/issues/472603 (mitre, issue-tracking, permissions-required)
News mentions
- GitLab Patch Release: 17.3.1, 17.2.4, 17.1.6 (GitLab Security Releases · Aug 21, 2024)