CalvinBackup/CVEs-PoC
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2026-05-30 04:59:31 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
dc6e2cf7158eeb24cfecb4d64f4f1da9a8a732e2
CVEs-PoC/2021/CVE-2021-22205.md
T
marc 555e9c7de4 Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00

121 lines
5.5 KiB
Markdown
Raw Blame History

### [CVE-2021-22205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205)
![](https://img.shields.io/static/v1?label=Product&message=GitLab&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=Improper%20control%20of%20generation%20of%20code%20('code%20injection')%20in%20GitLab&color=brighgreen)
### Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
### POC
#### Reference
- http://packetstormsecurity.com/files/164768/GitLab-Unauthenticated-Remote-ExifTool-Command-Injection.html
- http://packetstormsecurity.com/files/164994/GitLab-13.10.2-Remote-Code-Execution.html
#### Github
- https://github.com/0x0021h/expbox
- https://github.com/0xget/cve-2001-1473
- https://github.com/0xn0ne/simple-scanner
- https://github.com/20142995/Goby
- https://github.com/20142995/pocsuite3
- https://github.com/20142995/sectool
- https://github.com/34zY/APT-Backpack
- https://github.com/84634E1A607A/thuctf-2022-wp
- https://github.com/ARPSyndicate/cvemon
- https://github.com/ARPSyndicate/kenzer-templates
- https://github.com/AkBanner/CVE-2021-22205
- https://github.com/Al1ex/CVE-2021-22205
- https://github.com/Awrrays/FrameVul
- https://github.com/CLincat/vulcat
- https://github.com/CVEDB/PoC-List
- https://github.com/CVEDB/awesome-cve-repo
- https://github.com/CVEDB/top
- https://github.com/DIVD-NL/GitLab-cve-2021-22205-nse
- https://github.com/FDlucifer/firece-fish
- https://github.com/GhostTroops/TOP
- https://github.com/GitLab-Red-Team/cve-hash-harvester
- https://github.com/Hatcat123/my_stars
- https://github.com/Hikikan/CVE-2021-22205
- https://github.com/HimmelAward/Goby_POC
- https://github.com/Loginsoft-LLC/Linux-Exploit-Detection
- https://github.com/Loginsoft-Research/Linux-Exploit-Detection
- https://github.com/Mr-xn/Penetration_Testing_POC
- https://github.com/Mr-zny/fofa_crawler
- https://github.com/NaInSec/CVE-PoC-in-GitHub
- https://github.com/NukingDragons/gitlab-cve-2021-22205
- https://github.com/Ostorlab/KEV
- https://github.com/Ostorlab/known_exploited_vulnerbilities_detectors
- https://github.com/Parker-Corbitt/CS4770_CVE
- https://github.com/Qclover/Gitlab_RCE_CVE_2021_22205
- https://github.com/SYRTI/POC_to_review
- https://github.com/SanStardust/POC-scan
- https://github.com/Seals6/CVE-2021-22205
- https://github.com/SexyBeast233/SecBooks
- https://github.com/Threekiii/Awesome-Exploit
- https://github.com/Threekiii/Awesome-POC
- https://github.com/Threekiii/Vulhub-Reproduce
- https://github.com/WhooAmii/POC_to_review
- https://github.com/X1pe0/Automated-Gitlab-RCE
- https://github.com/XTeam-Wing/CVE-2021-22205
- https://github.com/XiaoliChan/Xiaoli-Tools
- https://github.com/Z0fhack/Goby_POC
- https://github.com/ahmad4fifz/CVE-2021-22205
- https://github.com/al4xs/CVE-2021-22205-gitlab
- https://github.com/antx-code/CVE-2021-22205
- https://github.com/asdaweee/GitLabRCECVE-2021-22205-GUI
- https://github.com/bakery312/Vulhub-Reproduce
- https://github.com/binganao/vulns-2022
- https://github.com/c0okB/CVE-2021-22205
- https://github.com/dannymas/CVE-2021-22206
- https://github.com/devdanqtuan/CVE-2021-22205
- https://github.com/dial25sd/arf-vulnerable-vm
- https://github.com/faisalfs10x/GitLab-CVE-2021-22205-scanner
- https://github.com/findneo/GitLab-preauth-RCE_CVE-2021-22205
- https://github.com/hanc00l/pocGoby2Xray
- https://github.com/hanc00l/some_pocsuite
- https://github.com/heltsikker/hsctf22
- https://github.com/hh-hunter/cve-2021-22205
- https://github.com/hhhotdrink/CVE-2021-22205
- https://github.com/hktalent/TOP
- https://github.com/hktalent/bug-bounty
- https://github.com/honypot/CVE-2021-22205
- https://github.com/huimzjty/vulwiki
- https://github.com/inspiringz/CVE-2021-22205
- https://github.com/j5s/Polaris
- https://github.com/jas502n/GitlabVer
- https://github.com/jusk9527/GobyPoc
- https://github.com/k0mi-tg/CVE-POC
- https://github.com/keven1z/CVE-2021-22205
- https://github.com/kh4sh3i/Gitlab-CVE
- https://github.com/lions2012/Penetration_Testing_POC
- https://github.com/manas3c/CVE-POC
- https://github.com/momika233/cve-2021-22205-GitLab-13.10.2---Remote-Code-Execution-RCE-Unauthenticated-
- https://github.com/mr-r3bot/Gitlab-CVE-2021-22205
- https://github.com/nomi-sec/PoC-in-GitHub
- https://github.com/octane23/CASE-STUDY-1
- https://github.com/overgrowncarrot1/DejaVu-CVE-2021-22205
- https://github.com/pen4uin/awesome-vulnerability-research
- https://github.com/pen4uin/vulnerability-research
- https://github.com/pen4uin/vulnerability-research-list
- https://github.com/pizza-power/Golang-CVE-2021-22205-POC
- https://github.com/r0eXpeR/CVE-2021-22205
- https://github.com/ramimac/aws-customer-security-incidents
- https://github.com/runsel/GitLab-CVE-2021-22205-
- https://github.com/sanqiushu-ns/POC-scan
- https://github.com/shang159/CVE-2021-22205-getshell
- https://github.com/soosmile/POC
- https://github.com/superfish9/pt
- https://github.com/trganda/starrlist
- https://github.com/trhacknon/Pocingit
- https://github.com/w0x68y/Gitlab-CVE-2021-22205
- https://github.com/weeka10/-hktalent-TOP
- https://github.com/whoforget/CVE-POC
- https://github.com/whwlsfb/CVE-2021-22205
- https://github.com/winterwolf32/CVE-S---Penetration_Testing_POC-
- https://github.com/woods-sega/woodswiki
- https://github.com/xuetusummer/Penetration_Testing_POC
- https://github.com/youwizard/CVE-POC
- https://github.com/zecool/cve
Reference in New Issue View Git Blame Copy Permalink