GitLab has patched a critical vulnerability that could allow an attacker to execute code remotely.
The security issue, rated critical, affects all versions of GitLab starting from 14.0 before 14.10.5, all versions starting from 15.0 before 15.0.4, and all versions starting from 15.1 before 15.1.1.
These versions contain important security fixes, and we strongly recommend that all GitLab installations be upgraded to one of these versions immediately. GitLab.com is already running the patched version.
An authenticated user could import a maliciously crafted project leading to remote code execution, an advisory from GitLab reads.
The bug (CVE-2022-2185) has been patched in the latest version.
Successful exploitation of the vulnerability may allow attackers to execute code remotely.
GitLab strongly recommends that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible.
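To check a fleet of self-managed instances against the affected ranges listed above, the following added example (not code from GitLab or from the advisory) parses version strings and reports which fixed release each host needs. The host names and sample versions are constructed, and the ranges are taken as stated in this article, so versions before 14.0 are reported as outside the range.

```python
import re

# Affected ranges as stated in the article: (first affected, first fixed release).
AFFECTED_RANGES = [
    ((14, 0, 0), (14, 10, 5)),
    ((15, 0, 0), (15, 0, 4)),
    ((15, 1, 0), (15, 1, 1)),
]

# Accepts "15.0.3", "v15.0.3", "14.10" and edition suffixes such as "15.0.3-ee".
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+\s].*)?$")


def parse_version(text):
    """Return (major, minor, patch); raise ValueError on anything unrecognised."""
    match = _VERSION_RE.match(text.strip())
    if match is None:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch = match.groups()
    return int(major), int(minor), int(patch or 0)


def fixed_in(version_text):
    """Return the fixed release for an affected version, or None if not in range."""
    version = parse_version(version_text)
    for first_affected, first_fixed in AFFECTED_RANGES:
        if first_affected <= version < first_fixed:
            return ".".join(map(str, first_fixed))
    return None


def triage(inventory):
    """Map each host to an upgrade target, 'not in affected range' or 'check manually'."""
    report = {}
    for host, version_text in inventory.items():
        try:
            target = fixed_in(version_text)
        except ValueError:
            report[host] = "check manually"  # never treat an unreadable version as safe
            continue
        report[host] = f"upgrade to {target}" if target else "not in affected range"
    return report


# Constructed sample inventory (hypothetical host names and versions).
SAMPLE_INVENTORY = {"git-a": "14.2.7", "git-b": "15.0.3-ee", "git-c": "15.1.1", "git-d": "unknown"}

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY).items():
        print(f"{host}: {verdict}")
```
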