CVE-2021-22234

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22234
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22234.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22234
Aliases
Downstream
Published
2021-08-05T21:15:10.870Z
Modified
2026-04-10T04:30:00.247852Z
Severity
  • 6.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N CVSS Calculator
Summary
[none]
Details

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.11 before 13.11.7, all versions starting from 13.12 before 13.12.8, and all versions starting from 14.0 before 14.0.4. A specially crafted design image allowed attackers to read arbitrary files on the server.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
47f41a4a74f364c731aafd34a93bddb630f62230
Last affected
1c6dc95d18b0c11ea2614f55f493d006a13f8460
Introduced
47f41a4a74f364c731aafd34a93bddb630f62230
Last affected
1c6dc95d18b0c11ea2614f55f493d006a13f8460
Introduced
12a3ec8fb4a540576b2d47247bc86ea7e2c7565b
Last affected
6ab58f00404600c0c75dc6f55a75549fc167f7b7
Introduced
12a3ec8fb4a540576b2d47247bc86ea7e2c7565b
Last affected
6ab58f00404600c0c75dc6f55a75549fc167f7b7
Introduced
0034acfc891b0cbc2ecc4aa4c5ca0d1f89e3c32f
Last affected
adffb86f1547bca2da99b253fce56cd244c8a69d
Introduced
0034acfc891b0cbc2ecc4aa4c5ca0d1f89e3c32f
Last affected
adffb86f1547bca2da99b253fce56cd244c8a69d
Database specific 
{
    "versions": [
        {
            "introduced": "13.11.0"
        },
        {
            "last_affected": "13.11.7"
        },
        {
            "introduced": "13.11.0"
        },
        {
            "last_affected": "13.11.7"
        },
        {
            "introduced": "13.12.0"
        },
        {
            "last_affected": "13.12.8"
        },
        {
            "introduced": "13.12.0"
        },
        {
            "last_affected": "13.12.8"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.0.4"
        },
        {
            "introduced": "14.0.0"
        },
        {
            "last_affected": "14.0.4"
        }
    ]
}

Affected versions

v13.*
v13.11.0-ee
v13.11.1-ee
v13.11.3-ee
v13.11.4-ee
v13.11.7-ee
v13.12.0-ee
v13.12.1-ee
v13.12.3-ee
v13.12.4-ee
v13.12.5-ee
v13.12.7-ee
v13.12.8-ee
v14.*
v14.0.0-ee
v14.0.1-ee
v14.0.3-ee
v14.0.4-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22234.json"