CVE-2024-7110
Improper Neutralization of Special Elements used in a Command ('Command Injection') in GitLab
6.4
MEDIUM
CVSS 3.1
EPSS 0.10%
Description
An issue was discovered in GitLab EE affecting all versions starting 17.0 to 17.1.6, 17.2 prior to 17.2.4, and 17.3 prior to 17.3.1 allows an attacker to execute arbitrary command in a victim's pipeline through prompt injection.
How to fix CVE-2024-7110
To remediate CVE-2024-7110, upgrade the affected package to a fixed version below.
- —upgrade to 17.1.6 or later
Is CVE-2024-7110 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 17.1.0, < 17.1.6, >= 17.2.0, < 17.2.4, >= 17.3.0, < 17.3.1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N |