CNNVD-202508-3173 Information

Aug 27, 2025 cve

CNNVD ID

CNNVD-202508-3173

CVE-2025-5101

CNNVD Published: 2025-08-27

Description (Chinese)

GitLab Enterprise Edition（EE）和GitLab Community Edition（CE）都是美国GitLab公司的产品。GitLab Enterprise Edition是一套内容管理系统。GitLab Community Edition是一种社区版 GitLab 。 GitLab CE/EE 18.1.5之前版本、18.2 18.2.5之前版本和18.3 18.3.1之前版本存在代码注入漏洞，该漏洞源于分支和标签处理不当，可能导致恶意代码分发。

Description (English)

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are products of the United States company GitLab. GitLab Enterprise Edition is a content management system. GitLab Community Edition is a community version of GitLab. Prior to GitLab CE/EE 18.1.5, 18.2 18.2.5 and 18.3 18.3.1, there was a code-injecting gap, which stemmed from inappropriate handling of branches and labels and could lead to the distribution of malicious codes.

Hazard Level

High

Vulnerability Type

代码注入

Affected Vendor

GitLab

Published

2025-08-27

Last Modified

2026-02-24

References

https://hackerone.com/reports/3124199 https://gitlab.com/gitlab-org/gitlab/-/issues/545165 https://nvd.nist.gov/vuln/detail/CVE-2025-5101

Patch

https://about.gitlab.com/

Share on: