vulnerability
Gitlab Gitlab: CVE-2018-19585: Improper Neutralization of CRLF Sequences
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | May 17, 2019 | Apr 22, 2025 | Jul 14, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
May 17, 2019
Added
Apr 22, 2025
Modified
Jul 14, 2025
Description
GitLab CE/EE versions 8.18 up to 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1 have CRLF Injection in Project Mirroring when using the Git protocol.
Solution
gitlab-gitlab-upgrade-latest
References
- CWE-93
- CVE-2018-19585
- https://attackerkb.com/topics/CVE-2018-19585
- URL-http://packetstormsecurity.com/files/160516/GitLab-11.4.7-Remote-Code-Execution.html
- URL-http://packetstormsecurity.com/files/160699/GitLab-11.4.7-Remote-Code-Execution.html
- URL-https://about.gitlab.com/2018/11/28/security-release-gitlab-11-dot-5-dot-1-released/
- URL-https://about.gitlab.com/blog/categories/releases/

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.