VYPR

Gitaly

by GitLab Inc.

gem: gitaly

CVEs (2)

  • CVE-2019-14944Apr 15, 2023
    risk 0.01cvss epss 0.02

    An issue was discovered in GitLab Community and Enterprise Edition before 11.11.8, 12 before 12.0.6, and 12.1 before 12.1.6. Gitaly allows injection of command-line flags. This sometimes leads to privilege escalation or remote code execution.

  • CVE-2020-13353Nov 17, 2020
    risk 0.00cvss epss 0.00

    When importing repos via URL, one time use git credentials were persisted beyond the expected time window in Gitaly 1.79.0 or above.