CVE-2013-4490
50Vexday Risk Score
Patch soon. It has a working public exploit.
ssvc Attendepss 42%
from disclosure to weapon98 days
Published on NVDMay 13
1st PoC+98d
metasploitNov 4
exploitation probability
42%top 1% of all CVEs
observed exploitation
nono source reports it
1 public exploit(s)
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands via shell metacharacters in the public key.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/34362unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.