GCVE - cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:gitlab:gitlab-shell:1.2.0:*:*:*:*:*:*:*

part: a version: 1.2.0 update: *

Vendor	Gitlab (`57573e99-56e6-5fad-895e-0ce7fffc5b90`)
Product	Gitlab Shell (`7dbc690a-6d26-5eed-9424-370abf39e288`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/gitlab-shell`	purl2cpe	2026-06-01 10:14:46.066289
`pkg:deb/ubuntu/gitlab-shell`	purl2cpe	2026-06-01 10:14:46.066290
`pkg:github/gitlabhq/gitlab-shell`	purl2cpe	2026-06-01 10:14:46.066292
`pkg:gitlab/gitlab-org/gitlab-shell`	purl2cpe	2026-06-01 10:14:46.066293
`pkg:rpm/opensuse/gitlab-shell`	purl2cpe	2026-06-01 10:14:46.066294

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-4581`	vulnerable	2026-06-03 14:33:18.288235	Details available GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. Published: 2014-05-12T14:00:00.000Z Updated: 2024-08-06T16:45:14.854Z Open on db.gcve.eu Reference links http://www.openwall.com/lists/oss-security/2013/11/15/4 https://www.gitlab.com/2013/11/14/multiple-critical-vulnerabilities-in-gitlab/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4546`	vulnerable	2026-06-03 14:33:17.991190	Details available The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL. Published: 2014-05-13T15:00:00.000Z Updated: 2024-08-06T16:45:15.033Z Open on db.gcve.eu Reference links https://www.gitlab.com/2013/11/08/security-vulnerability-in-gitlab-shell/ http://www.openwall.com/lists/oss-security/2013/11/11/2 https://gitlab.com/gitlab-org/gitlab-shell/blob/master/CHANGELOG	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-4490`	vulnerable	2026-06-03 14:33:17.212429	Details available The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key. Published: 2014-05-13T15:00:00.000Z Updated: 2024-08-06T16:45:14.763Z Open on db.gcve.eu Reference links https://www.gitlab.com/2013/11/04/gitlab-ce-6-2-and-5-4-security-release/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.