VYPR
Unrated severity · NVD Advisory · Published Mar 13, 2025 · Updated Mar 13, 2025

Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab

CVE-2024-8402

Description

An issue was discovered in GitLab EE affecting all versions starting from 17.2 before 17.7.7, all versions starting from 17.8 before 17.8.5, all versions starting from 17.9 before 17.9.2. An input validation issue in the Google Cloud IAM integration feature could have enabled a Maintainer to introduce malicious code.

Affected products

3
  • GitLab Inc./GitLabv52 versions
    cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
    • cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* range: 17.2
    • (no CPE) range: >=17.2 <17.7.7 || >=17.8 <17.8.5 || >=17.9 <17.9.2
  • osv-coords
    Range: >= 17.2.0, < 17.9.2
