all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

GitLab GitHub Repo Import Deserialization Remote Code Execution

Add to bookmarks
Feb. 15, 2023, 6:22 p.m. |

Packet Storm packetstormsecurity.com

An authenticated user can import a repository from GitHub into GitLab. If a user attempts to import a repo from an attacker-controlled server, the server will reply with a Redis serialization protocol object in the nested default_branch. GitLab will cache this object and then deserialize it when trying to load a user session, resulting in remote code execution.

cache code code execution deserialization github gitlab import nested object protocol redis remote code remote code execution repo repository serialization server session

Visit resource

More from packetstormsecurity.com / Packet Storm

Apache Solr Backup/Restore API Remote Code Execution 23 hours ago | packetstormsecurity.com
11.2 apache apache solr api +17
Ubuntu Security Notice USN-6748-1 23 hours ago | packetstormsecurity.com
attack attacker cross-site issue +9
Ubuntu Security Notice USN-6747-1 23 hours ago | packetstormsecurity.com
arbitrary code attacker code denial of service +16
Ubuntu Security Notice USN-6742-2 23 hours ago | packetstormsecurity.com
attacker authentication bluetooth connections +11
Relate Learning And Teaching System SSTI / Remote Code Execution 23 hours ago | packetstormsecurity.com
batch code code execution exam +13
Nginx 1.25.5 Host Header Validation 23 hours ago | packetstormsecurity.com
bug header host malice +2
Red Hat Security Advisory 2024-2033-03 23 hours ago | packetstormsecurity.com
advisory enterprise libreswan linux +5
Red Hat Security Advisory 2024-2011-03 23 hours ago | packetstormsecurity.com
advisory buffer buffer overflow buffer overflow vulnerability +12
Red Hat Security Advisory 2024-2010-03 23 hours ago | packetstormsecurity.com
advisory components crlf injection denial of service +19

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Cloud Technical Solutions Engineer, Security

@ Google | Mexico City, CDMX, Mexico
View on infosec-jobs.com

Assoc Eng Equipment Engineering

@ GlobalFoundries | SGP - Woodlands
View on infosec-jobs.com

Staff Security Engineer, Cloud Infrastructure

@ Flexport | Bellevue, WA; San Francisco, CA
View on infosec-jobs.com

Software Engineer III, Google Cloud Security and Privacy

@ Google | Sunnyvale, CA, USA
View on infosec-jobs.com

Software Engineering Manager II, Infrastructure, Google Cloud Security and Privacy

@ Google | San Francisco, CA, USA; Sunnyvale, CA, USA
View on infosec-jobs.com
View more jobs