CVE-2021-22230
published 2021-07-07
CVE-2021-22230: Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later…
Priority P3 41 · high · 7.2 · CVSS 3.1
AV:N · AC:L · PR:H · UI:N · S:U · C:H · I:H · A:H
EPSS: 0.97% (57.3th percentile)
Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and later through 13.11.6, 13.12.6, and 14.0.2.
Affected
9 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gitlab | < gitlab 15.10.8+ds1-2 (sid) | gitlab 15.10.8+ds1-2 (sid) |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | — | — |
| gitlab | gitlab | >= 13.12.0 < 13.12.6 | 13.12.6 |
| gitlab | gitlab | >= 14.0.0 < 14.0.2 | 14.0.2 |
| gitlab | gitlab | >= 9.3.0 < 13.11.6 | 13.11.6 |
| gitlab | gitlab_ce | — | — |
CVSS provenance
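| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.2 | HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
| osv | — | 7.2 | HIGH | — |
| vendor_debian | — | 4.9 | MEDIUM | — |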
GitLab
CVE-2021-22230: Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and la
vendor_gitlab·2021-07-07·CVSS 4.9
CVE-2021-22230 [MEDIUM] CVE-2021-22230: Improper code rendering while rendering merge requests could be exploited to submit malicious code. This vulnerability affects GitLab CE/EE 9.3 and la
Debian
CVE-2021-22230: gitlab - Improper code rendering while rendering merge requests could be exploited to sub...
vendor_debian·2021·CVSS 4.9
CVE-2021-22230 [MEDIUM] CVE-2021-22230: gitlab - Improper code rendering while rendering merge requests could be exploited to sub...
Scope: local
sid: resolved (fixed in 15.10.8+ds1-2)
GHSA
GHSA-r6rg-m239-gjp4: Improper code rendering while rendering merge requests could be exploited to submit malicious code
ghsa_unreviewed·2022-05-24
CVE-2021-22230 [HIGH] GHSA-r6rg-m239-gjp4: Improper code rendering while rendering merge requests could be exploited to submit malicious code
OSV
CVE-2021-22230: Improper code rendering while rendering merge requests could be exploited to submit malicious code
osv·2021-07-07·CVSS 7.2
CVE-2021-22230 [HIGH] CVE-2021-22230: Improper code rendering while rendering merge requests could be exploited to submit malicious code
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2021-07-07