VDB

CVE-2017-12426

CVE-2017-12426 PUBLISHED

GitLab Community Edition (CE) and Enterprise Edition (EE) before 8.17.8, 9.0.x before 9.0.13, 9.1.x before 9.1.10, 9.2.x before 9.2.10, 9.3.x before 9.3.10, and 9.4.x before 9.4.4 might allow remote attackers to execute arbitrary code via a crafted SSH URL in a project import.

EPSS 0.64% · 70.8th percentile

Risk Scores

EPSS Score
0.64%
70.8th percentile

Affected Products

VendorProductVersions
Ubuntu:16.04:LTSgitlab0, 8.4.3+dfsg-12, 8.5.8+dfsg-5

Timeline

  • Aug 14, 2017 CVE Published
  • Apr 14, 2021 EPSS Score
  • Mar 17, 2025 EPSS Score
  • Mar 19, 2025 EPSS Score
  • Mar 21, 2025 EPSS Score
  • Mar 27, 2025 EPSS Score
  • Mar 29, 2025 EPSS Score
  • Mar 30, 2025 EPSS Score
  • Apr 8, 2025 EPSS Score
  • Apr 9, 2025 EPSS Score
  • Apr 15, 2025 EPSS Score
  • Apr 16, 2025 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›