Tag
cve-2021-22205
Safeguard articles tagged "cve-2021-22205" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Vulnerability Analysis
GitLab ExifTool RCE (CVE-2021-22205) Explained
An unauthenticated attacker could run code on a GitLab server just by uploading an image. The bug was not in GitLab at all — it was in ExifTool. Here is the full story.
Jul 1, 20265 min read
Vulnerability Analysis
GitLab ExifTool RCE (CVE-2021-22205)
CVE-2021-22205 let attackers RCE self-managed GitLab via a malicious ExifTool-parsed upload — no auth required. Here's the timeline and fix.
Jan 11, 20268 min read
DevSecOps
GitLab Unauthenticated RCE via ExifTool Image Processing ...
CVE-2021-22205 let attackers gain unauthenticated RCE on self-hosted GitLab via ExifTool image parsing. Here's the affected versions, severity, timeline, and fixes.
Nov 24, 20257 min read