## https://sploitus.com/exploit?id=85061E4D-4D82-56B5-94E7-5C1DBD5DD52B
# CVE-2021-22205

[![Build status](https://ci.appveyor.com/api/projects/status/id6kdgvapm31mkvi?svg=true)](https://ci.appveyor.com/project/ahmad4fifz/cve-2021-22205)

This repository deploys GitLab Enterprise Edition (13.9.5), which is vulnerable to [CVE-2021-22205](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205), in a Docker container.

## Description:

An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.9. GitLab was not properly validating image files that were passed to a file parser which resulted in a remote command execution.
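The validation gap described above can be closed in front of any image metadata parser by checking content as well as the file name. The sketch below is an added example, not GitLab's fix and not code from this repository; the allowed formats, function names and sample uploads are assumptions made for illustration.

```python
import os

# Leading bytes ("magic numbers") of the formats this sketch allows.
JPEG_SOI = b"\xff\xd8\xff"
TIFF_MAGICS = (b"II*\x00", b"MM\x00*")  # little-endian / big-endian TIFF

# Hypothetical allowlist: extension -> expected content type.
EXT_TO_TYPE = {".jpg": "jpeg", ".jpeg": "jpeg", ".tif": "tiff", ".tiff": "tiff"}


def sniff_image_type(data: bytes):
    """Return 'jpeg', 'tiff' or None, judged from the leading bytes only."""
    if data.startswith(JPEG_SOI):
        return "jpeg"
    if data.startswith(TIFF_MAGICS):
        return "tiff"
    return None


def safe_to_parse(filename: str, data: bytes) -> bool:
    """Allow the parser to run only when extension and content agree."""
    ext = os.path.splitext(filename.lower())[1]
    claimed = EXT_TO_TYPE.get(ext)
    return claimed is not None and claimed == sniff_image_type(data)


# Constructed sample uploads (file name, first bytes of the content).
SAMPLES = [
    ("photo.jpg", b"\xff\xd8\xff\xe0\x00\x10JFIF\x00"),  # genuine JPEG header
    ("scan.tiff", b"II*\x00\x08\x00\x00\x00"),           # genuine TIFF header
    ("avatar.jpg", b"%PDF-1.7\n"),                       # extension lies
    ("scan.tif", b"\xff\xd8\xff\xe0"),                   # JPEG bytes, TIFF name
    ("notes.txt", b"\xff\xd8\xff\xe0"),                  # extension not allowed
]


def check_samples():
    """Return the allow/deny decision for each constructed sample."""
    return [safe_to_parse(name, data) for name, data in SAMPLES]


if __name__ == "__main__":
    for (name, _), ok in zip(SAMPLES, check_samples()):
        print(f"{name:12} -> {'parse' if ok else 'reject'}")
```

A check like this only narrows what reaches the parser; the parser itself still needs to be patched.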

## Requirement:

Requires at least 4 CPUs, 8 GB RAM and 160 GB of storage if using a DigitalOcean droplet (around $40 per month).

## Setup:

```
docker-compose up --build -d
```

## Volumes:

- ./config:/etc/gitlab
- ./logs:/var/log/gitlab
- ./data:/var/opt/gitlab

## References:

- https://www.rapid7.com/blog/post/2021/11/01/gitlab-unauthenticated-remote-code-execution-cve-2021-22205-exploited-in-the-wild/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22205
- https://about.gitlab.com/blog/2021/11/04/action-needed-in-response-to-cve2021-22205/
- https://nvd.nist.gov/vuln/detail/CVE-2021-22205

## License

Released under [MIT](/LICENSE) by [@ahmad4fifz](https://github.com/ahmad4fifz).