{"id":25171,"date":"2022-08-25T16:35:56","date_gmt":"2022-08-25T16:35:56","guid":{"rendered":"https:\/\/www.esecurityplanet.com\/?p=25171"},"modified":"2022-08-25T16:35:58","modified_gmt":"2022-08-25T16:35:58","slug":"gitlab-patches-critical-rce","status":"publish","type":"post","link":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/","title":{"rendered":"GitLab Patches Critical RCE in Community and Enterprise Editions"},"content":{"rendered":"\n<p>The widely used DevOps platform GitLab has <a href=\"https:\/\/about.gitlab.com\/releases\/2022\/08\/22\/critical-security-release-gitlab-15-3-1-released\/\" target=\"_blank\" rel=\"noreferrer noopener\">released<\/a> critical security updates for its Community Edition (CE) and Enterprise Edition (EE).<\/p>\n\n\n\n<p>The vulnerability was reported for the following versions of GitLab CE\/EE:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>all versions starting from 11.3.4 before 15.1.5<\/li><li>all versions starting from 15.2 before 15.2.3<\/li><li>all versions starting from 15.3 before 15.3.1<\/li><\/ul>\n\n\n\n<p>Affected versions allow an authenticated user to pass arbitrary commands remotely by exploiting the Import from GitHub API endpoint. The remote command execution (RCE) vulnerability has been recorded as <a href=\"https:\/\/cve.mitre.org\/cgi-bin\/cvename.cgi?name=CVE-2022-2884\" target=\"_blank\" rel=\"noreferrer noopener\">CVE-2022-2884<\/a> and rated 9.9 \u2014 just 0.1 from the highest severity level.<\/p>\n\n\n\n<p>GitLab is a hugely popular open-core platform, with 30 million registered users. It allows dev teams to host and manage Git repositories remotely. 
It also provides DevOps features like CI\/CD pipelines for automated deployment (GitLab Runner).<\/p>\n\n\n\n<p>Also read: <a href=\"https:\/\/www.esecurityplanet.com\/applications\/ci-cd-pipeline-software-supply-chain-risk\/\">CI\/CD Pipeline is Major Software Supply Chain Risk: Black Hat Researchers<\/a><\/p>\n\n\n\n<h2 class=\"wp-block-heading\"><strong>GitLab Instances Must Be Patched Immediately<\/strong><\/h2>\n\n\n\n<p>GitLab.com has already been patched, but instances that users install, administer, and maintain themselves still require patching. If you run a vulnerable installation, you should upgrade to 15.3.1, 15.2.3, or 15.1.5 as soon as possible. GitLab provides <a href=\"https:\/\/about.gitlab.com\/update\/\" target=\"_blank\" rel=\"noreferrer noopener\">guides<\/a> to help you update your instance.<\/p>\n\n\n\n<p>For those who can\u2019t upgrade immediately, the only workaround is to disable GitHub as an import source under Menu &gt; Admin &gt; Settings &gt; General &gt; Visibility and access controls. GitLab recommends that its users test the workaround by creating a new project to ensure \u201cGitHub\u201d is no longer available in the import options.<\/p>\n\n\n\n<p>RCE vulnerabilities are critical flaws that allow hackers to inject malicious instructions to break into the targeted systems. 
When such vulnerabilities are disclosed publicly, cybercriminals usually exploit them actively, so fixes must be applied quickly.<\/p>\n\n\n\n<p><strong>Further reading<\/strong>:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.esecurityplanet.com\/applications\/top-code-debugging-and-code-security-tools\/\">Top Code Debugging and Code Security Tools<\/a><\/li><li><a href=\"https:\/\/www.esecurityplanet.com\/products\/patch-management-software\/\">Best Patch Management Software &amp; Tools<\/a><\/li><\/ul>\n","protected":false},"excerpt":{"rendered":"<p>The widely-used DevOps platform GitLab has released critical security updates for its Community Edition (CE) and Enterprise Edition (EE). &nbsp;The vulnerability was reported for a number of versions of GitLab CE\/EE: all versions starting from 11.3.4 before 15.1.5 all versions starting from 15.2 before 15.2.3 all versions starting from 15.3 before 15.3.1 Affected versions allow [&hellip;]<\/p>\n","protected":false},"author":267,"featured_media":19078,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_gazelle_contributing_experts":"","footnotes":""},"categories":[15],"tags":[27830,3790,31951,31950,23006,730,5277],"b2b_audience":[33],"b2b_industry":[],"b2b_product":[382,82],"class_list":["post-25171","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-threats","tag-code-security","tag-cybersecurity","tag-github","tag-gitlab","tag-patch-management","tag-security","tag-web-security","b2b_audience-awareness-and-consideration","b2b_product-application-security-vulnerability-management","b2b_product-security-development"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v22.9 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurity Planet<\/title>\n<meta name=\"description\" content=\"The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging users to patch ASAP.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, 
max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurity Planet\" \/>\n<meta property=\"og:description\" content=\"The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging users to patch ASAP.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\" \/>\n<meta property=\"og:site_name\" content=\"eSecurity Planet\" \/>\n<meta property=\"article:published_time\" content=\"2022-08-25T16:35:56+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2022-08-25T16:35:58+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"600\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"Julien Maury\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:site\" content=\"@eSecurityPlanet\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Julien Maury\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\"},\"author\":{\"name\":\"Julien Maury\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\"},\"headline\":\"GitLab Patches Critical RCE in Community and Enterprise Editions\",\"datePublished\":\"2022-08-25T16:35:56+00:00\",\"dateModified\":\"2022-08-25T16:35:58+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\"},\"wordCount\":305,\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png\",\"keywords\":[\"code security\",\"cybersecurity\",\"GitHub\",\"GitLab\",\"Patch Management\",\"security\",\"Web security\"],\"articleSection\":[\"Threats\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\",\"url\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\",\"name\":\"GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurity 
Planet\",\"isPartOf\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png\",\"datePublished\":\"2022-08-25T16:35:56+00:00\",\"dateModified\":\"2022-08-25T16:35:58+00:00\",\"description\":\"The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging users to patch ASAP.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png\",\"width\":1200,\"height\":600,\"caption\":\"code security\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esecurityplanet.com\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"GitLab Patches Critical RCE in Community and Enterprise Editions\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#website\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"name\":\"eSecurity Planet\",\"description\":\"Industry-leading guidance and analysis for how to keep your business 
secure.\",\"publisher\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esecurityplanet.com\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#organization\",\"name\":\"eSecurityPlanet\",\"url\":\"https:\/\/www.esecurityplanet.com\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png\",\"width\":1134,\"height\":375,\"caption\":\"eSecurityPlanet\"},\"image\":{\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/x.com\/eSecurityPlanet\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a\",\"name\":\"Julien Maury\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"contentUrl\":\"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp\",\"caption\":\"Julien Maury\"},\"description\":\"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.\",\"url\":\"https:\/\/www.esecurityplanet.com\/author\/jmaury\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. 
-->","yoast_head_json":{"title":"GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurity Planet","description":"The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging users to patch ASAP.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/","og_locale":"en_US","og_type":"article","og_title":"GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurity Planet","og_description":"The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging users to patch ASAP.","og_url":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/","og_site_name":"eSecurity Planet","article_published_time":"2022-08-25T16:35:56+00:00","article_modified_time":"2022-08-25T16:35:58+00:00","og_image":[{"width":1200,"height":600,"url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png","type":"image\/png"}],"author":"Julien Maury","twitter_card":"summary_large_image","twitter_creator":"@eSecurityPlanet","twitter_site":"@eSecurityPlanet","twitter_misc":{"Written by":"Julien Maury","Est. 
reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#article","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/"},"author":{"name":"Julien Maury","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a"},"headline":"GitLab Patches Critical RCE in Community and Enterprise Editions","datePublished":"2022-08-25T16:35:56+00:00","dateModified":"2022-08-25T16:35:58+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/"},"wordCount":305,"publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png","keywords":["code security","cybersecurity","GitHub","GitLab","Patch Management","security","Web security"],"articleSection":["Threats"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/","url":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/","name":"GitLab Patches Critical RCE in Community and Enterprise Editions | eSecurity Planet","isPartOf":{"@id":"https:\/\/www.esecurityplanet.com\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage"},"thumbnailUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png","datePublished":"2022-08-25T16:35:56+00:00","dateModified":"2022-08-25T16:35:58+00:00","description":"The GitLab DevOps platform has released fixes for a critical remote code execution vulnerability, urging 
users to patch ASAP.","breadcrumb":{"@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#primaryimage","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2021\/08\/collaboration1200-2.png","width":1200,"height":600,"caption":"code security"},{"@type":"BreadcrumbList","@id":"https:\/\/www.esecurityplanet.com\/threats\/gitlab-patches-critical-rce\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esecurityplanet.com\/"},{"@type":"ListItem","position":2,"name":"GitLab Patches Critical RCE in Community and Enterprise Editions"}]},{"@type":"WebSite","@id":"https:\/\/www.esecurityplanet.com\/#website","url":"https:\/\/www.esecurityplanet.com\/","name":"eSecurity Planet","description":"Industry-leading guidance and analysis for how to keep your business secure.","publisher":{"@id":"https:\/\/www.esecurityplanet.com\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esecurityplanet.com\/?s={search_term_string}"},"query-input":"required 
name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esecurityplanet.com\/#organization","name":"eSecurityPlanet","url":"https:\/\/www.esecurityplanet.com\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2020\/10\/eSecurity_logo_MainLogo.png","width":1134,"height":375,"caption":"eSecurityPlanet"},"image":{"@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/eSecurityPlanet"]},{"@type":"Person","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/4723f5dca54d7ee1d8111912ac8b1d4a","name":"Julien Maury","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esecurityplanet.com\/#\/schema\/person\/image\/","url":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","contentUrl":"https:\/\/assets.esecurityplanet.com\/uploads\/2023\/02\/JulienMaury-AvatarImg-150x150.webp","caption":"Julien Maury"},"description":"eSecurity Planet contributor Julien Maury writes about penetration testing, code security, open source security and more. 
He is a backend developer, a mentor and a technical writer who enjoys sharing his knowledge and learning new concepts.","url":"https:\/\/www.esecurityplanet.com\/author\/jmaury\/"}]}},"_links":{"self":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/25171"}],"collection":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/users\/267"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/comments?post=25171"}],"version-history":[{"count":0,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/posts\/25171\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media\/19078"}],"wp:attachment":[{"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/media?parent=25171"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/categories?post=25171"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/tags?post=25171"},{"taxonomy":"b2b_audience","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_audience?post=25171"},{"taxonomy":"b2b_industry","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_industry?post=25171"},{"taxonomy":"b2b_product","embeddable":true,"href":"https:\/\/www.esecurityplanet.com\/wp-json\/wp\/v2\/b2b_product?post=25171"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}