← back
CVE-2013-4490

CVE-2013-4490

50Vexday Risk Score

Patch soon. It has a working public exploit.

ssvc Attendepss 42%
from disclosure to weapon98 days
Published on NVDMay 13
1st PoC+98d
metasploitNov 4
exploitation probability
42%top 1% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Affected products
n/a · n/a
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.