nuclei-templates/http/cves/2021/CVE-2021-22205.yaml

id: CVE-2021-22205

info:
  name: GitLab CE/EE - Remote Code Execution
  author: GitLab Red Team
  severity: critical
  description: GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.
  reference:
    - https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-research/cve-2021-22205-hash-generator
    - https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-operations/-/issues/196
    - https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json
    - https://censys.io/blog/cve-2021-22205-it-was-a-gitlab-smash/
    - https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/
    - https://hackerone.com/reports/1154542
    - https://nvd.nist.gov/vuln/detail/CVE-2021-22205
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
    cvss-score: 10
    cve-id: CVE-2021-22205
    cwe-id: CWE-94
    epss-score: 0.97419
    cpe: cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
    epss-percentile: 0.9989
  metadata:
    max-request: 1
    shodan-query: http.title:"GitLab"
    vendor: gitlab
    product: gitlab
  tags: kev,hackerone,cve,cve2021,gitlab,rce

http:
  - method: GET
    path:
      - "{{BaseURL}}/users/sign_in"

    host-redirects: true
    max-redirects: 3
    matchers:
      - type: word
        words:
          - "015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df"
          - "02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b"
          - "051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce"
          - "08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290"
          - "0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59"
          - "0a5b4edebfcb0a7be64edc06af410a6fbc6e3a65b76592a9f2bcc9afea7eb753"
          - "1084266bd81c697b5268b47c76565aa86b821126a6b9fe6ea7b50f64971fc96f"
          - "14c313ae08665f7ac748daef8a70010d2ea9b52fd0cae594ffa1ffa5d19c43f4"
          - "1626b2999241b5a658bddd1446648ed0b9cc289de4cc6e10f60b39681a0683c4"
          - "20f01320ba570c73e01af1a2ceb42987bcb7ac213cc585c187bec2370cf72eb6"
          - "27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959"
          - "292ca64c0c109481b0855aea6b883a588bd293c6807e9493fc3af5a16f37f369"
          - "2eaf7e76aa55726cc0419f604e58ee73c5578c02c9e21fdbe7ae887925ea92ae"
          - "30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f"
          - "318ee33e5d14035b04832fa07c492cdf57788adda50bb5219ef75b735cbf00e2"
          - "33313f1ff2602ef43d945e57e694e747eb00344455ddb9b2544491a3af2696a1"
          - "335f8ed58266e502d415f231f6675a32bb35cafcbaa279baa2c0400d4a9872ac"
          - "34031b465d912c7d03e815c7cfaff77a3fa7a9c84671bb663026d36b1acd3f86"
          - "3407a4fd892e9d5024f3096605eb1e25cad75a8bf847d26740a1e6a77e45b087"
          - "340c31a75c5150c5e501ec143849adbed26fed0da5a5ee8c60fb928009ea3b86"
          - "38981e26a24308976f3a29d6e5e2beef57c7acda3ad0d5e7f6f149d58fd09d3d"
          - "3963d28a20085f0725884e2dbf9b5c62300718aa9c6b4b696c842a3f4cf75fcd"
          - "39b154eeefef684cb6d56db45d315f8e9bf1b2cc86cf24d8131c674521f5b514"
          - "39fdbd63424a09b5b065a6cc60c9267d3f49950bf1f1a7fd276fe1ece4a35c09"
          - "3b51a43178df8b4db108a20e93a428a889c20a9ed5f41067d1a2e8224740838e"
          - "3cbf1ae156fa85f16d4ca01321e0965db8cfb9239404aaf52c3cebfc5b4493fb"
          - "40d8ac21e0e120f517fbc9a798ecb5caeef5182e01b7e7997aac30213ef367b3"
          - "4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1"
          - "450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54"
          - "455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8"
          - "4568941e60dbfda3472e3f745cd4287172d4e6cce44bed85390af9e4e2112d0b"
          - "45b2cf643afd34888294a073bf55717ea00860d6a1dca3d301ded1d0040cac44"
          - "473ef436c59830298a2424616d002865f17bb5a6e0334d3627affa352a4fc117"
          - "4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2"
          - "4a081f9e3a60a0e580cad484d66fbf5a1505ad313280e96728729069f87f856e"
          - "4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160"
          - "504940239aafa3b3a7b49e592e06a0956ecaab8dbd4a5ea3a8ffd920b85d42eb"
          - "52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c"
          - "530a8dd34c18ca91a31fbae2f41d4e66e253db0343681b3c9640766bf70d8edf"
          - "5440e2dd89d3c803295cc924699c93eb762e75d42178eb3fe8b42a5093075c71"
          - "62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51"
          - "64e10bc92a379103a268a90a7863903eacb56843d8990fff8410f9f109c3b87a"
          - "655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f"
          - "67ac5da9c95d82e894c9efe975335f9e8bdae64967f33652cd9a97b5449216d2"
          - "69a1b8e44ba8b277e3c93911be41b0f588ac7275b91a184c6a3f448550ca28ca"
          - "6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb"
          - "70ce56efa7e602d4b127087b0eca064681ecdd49b57d86665da8b081da39408b"
          - "7310c45f08c5414036292b0c4026f281a73cf8a01af82a81257dd343f378bbb5"
          - "73a21594461cbc9a2fb00fc6f94aec1a33ccf435a7d008d764ddd0482e08fc8d"
          - "77566acc818458515231d0a82c131a42890d771ea998b9f578dc38e0eb7e517f"
          - "78812856e55613c6803ecb31cc1864b7555bf7f0126d1dfa6f37376d37d3aeab"
          - "79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9"
          - "7b1dcbacca4f585e2cb98f0d48f008acfec617e473ba4fd88de36b946570b8b9"
          - "7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5"
          - "81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3"
          - "83dc10f687305b22e602ba806619628a90bd4d89be7c626176a0efec173ecff1"
          - "93ebf32a4bd988b808c2329308847edd77e752b38becc995970079a6d586c39b"
          - "969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e"
          - "9b4e140fad97320405244676f1a329679808e02c854077f73422bd8b7797476b"
          - "9c095c833db4364caae1659f4e4dcb78da3b5ec5e9a507154832126b0fe0f08e"
          - "a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528"
          - "a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9"
          - "ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5"
          - "ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8"
          - "aeddf31361633b3d1196c6483f25c484855e0f243e7f7e62686a4de9e10ec03b"
          - "b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711"
          - "b64a1277a08c2901915525143cd0b62d81a37de0a64ec135800f519cb0836445"
          - "bb1565ffd7c937bea412482ed9136c6057be50356f1f901379586989b4dfe2ca"
          - "be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a"
          - "bec9544b57b8b2b515e855779735ad31c3eacf65d615b4bfbd574549735111e7"
          - "bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4"
          - "bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218"
          - "c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4"
          - "c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c"
          - "d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71"
          - "d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb"
          - "d56f0577fbbbd6f159e9be00b274270cb25b60a7809871a6a572783b533f5a3c"
          - "d812b9bf6957fafe35951054b9efc5be6b10c204c127aa5a048506218c34e40f"
          - "dc6b3e9c0fad345e7c45a569f4c34c3e94730c33743ae8ca055aa6669ad6ac56"
          - "def1880ada798c68ee010ba2193f53a2c65a8981871a634ae7e18ccdcd503fa3"
          - "e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a"
          - "e4b6f040fe2e04c86ed1f969fc72710a844fe30c3501b868cb519d98d1fe3fd0"
          - "eb078ffe61726e3898dc9d01ea7955809778bde5be3677d907cbd3b48854e687"
          - "ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d"
          - "ed4780bb05c30e3c145419d06ad0ab3f48bd3004a90fb99601f40c5b6e1d90fd"
          - "ef53a4f4523a4a0499fb892d9fb5ddb89318538fef33a74ce0bf54d25777ea83"
          - "f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812"
          - "f7d1309f3caef67cb63bd114c85e73b323a97d145ceca7d6ef3c1c010078c649"
          - "f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"
        condition: or

    extractors:
      - type: regex
        group: 1
        regex:
          - '(?:application-)(\S{64})(?:\.css)'
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00			`id: CVE-2021-22205`

			`info:`
Dashboard Content Enhancements (#4338) Dashboard Content Enhancements 2022-05-09 16:12:52 +00:00			`name: GitLab CE/EE - Remote Code Execution`
CVE-2021-22205 update (#3568) moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml template extension update + added missing severity + misc updates 2022-01-20 08:55:57 +00:00			`author: GitLab Red Team`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00			`severity: critical`
Dashboard Content Enhancements (#4338) Dashboard Content Enhancements 2022-05-09 16:12:52 +00:00			description: GitLab CE/EE starting from 11.9 does not properly validate image files that were passed to a file parser, resulting in a remote command execution vulnerability. This template attempts to passively identify vulnerable versions of GitLab without the need for an exploit by matching unique hashes for the application-<hash>.css file in the header for unauthenticated requests. Positive matches do not guarantee exploitability. Tooling to find relevant hashes based on the semantic version ranges specified in the CVE is linked in the references section below.
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00			`reference:`
CVE-2021-22205 update (#3568) moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml template extension update + added missing severity + misc updates 2022-01-20 08:55:57 +00:00			`- https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-research/cve-2021-22205-hash-generator`
			`- https://gitlab.com/gitlab-com/gl-security/security-operations/gl-redteam/red-team-operations/-/issues/196`
			`- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22205.json`
			`- https://censys.io/blog/cve-2021-22205-it-was-a-gitlab-smash/`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00			`- https://security.humanativaspa.it/gitlab-ce-cve-2021-22205-in-the-wild/`
			`- https://hackerone.com/reports/1154542`
			`- https://nvd.nist.gov/vuln/detail/CVE-2021-22205`
			`classification:`
additional reference to cves templates (#4395) * additional reference to cves templates * Update CVE-2006-1681.yaml * Update CVE-2009-3318.yaml * Update CVE-2009-4223.yaml * Update CVE-2010-0942.yaml * Update CVE-2010-0944.yaml * Update CVE-2010-0972.yaml * Update CVE-2010-1304.yaml * Update CVE-2010-1308.yaml * Update CVE-2010-1313.yaml * Update CVE-2010-1461.yaml * Update CVE-2010-1470.yaml * Update CVE-2010-1471.yaml * Update CVE-2010-1472.yaml * Update CVE-2010-1474.yaml * removed duplicate references * misc fix Co-authored-by: Prince Chaddha <prince@projectdiscovery.io> Co-authored-by: Prince Chaddha <cyberbossprince@gmail.com> 2022-05-17 09:18:12 +00:00			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H`
			`cvss-score: 10`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00			`cve-id: CVE-2021-22205`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cwe-id: CWE-94`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`epss-score: 0.97419`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`cpe: cpe:2.3:a:gitlab:gitlab:::::community:::*`
Added EPSS Percentile 2023-08-31 11:46:18 +00:00			`epss-percentile: 0.9989`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`metadata:`
Added max request counter of each template 2023-04-28 08:11:21 +00:00			`max-request: 1`
refactor: Description field uniformization * info field reorder * reference values refactored to list * added new lines after the id and before the protocols * removed extra new lines * split really long descriptions to multiple lines (part 1) * other minor fixes 2022-04-22 10:38:41 +00:00			`shodan-query: http.title:"GitLab"`
CVE Enrichment :tada: 2023-07-11 19:49:27 +00:00			`vendor: gitlab`
			`product: gitlab`
Auto Generated CVE annotations [Sat Aug 27 04:41:18 UTC 2022] :robot: 2022-08-27 04:41:18 +00:00			`tags: kev,hackerone,cve,cve2021,gitlab,rce`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00
Refactoring the directory structure based on protocols (#7137) * moving http templates * updated cves.json * moved network CVEs * updated scripts * updated workflows * updated requests to http * replaced network to tcp --------- Co-authored-by: sandeep <8293321+ehsandeep@users.noreply.github.com> 2023-04-27 04:28:59 +00:00			`http:`
CVE-2021-22205 update (#3568) moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml template extension update + added missing severity + misc updates 2022-01-20 08:55:57 +00:00			`- method: GET`
			`path:`
			`- "{{BaseURL}}/users/sign_in"`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00
Using "host-redirects" instead of "redirects" to avoid scanning 3rd party / out of scope hosts. (#5491) 2022-10-07 21:27:25 +00:00			`host-redirects: true`
CVE-2021-22205 update (#3568) moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml template extension update + added missing severity + misc updates 2022-01-20 08:55:57 +00:00			`max-redirects: 3`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00			`matchers:`
			`- type: word`
			`words:`
CVE-2021-22205 update (#3568) moved cves/2021/CVE-2021-22205.yaml to vulnerabilities/gitlab/gitlab-rce.yaml template extension update + added missing severity + misc updates 2022-01-20 08:55:57 +00:00			`- "015d088713b23c749d8be0118caeb21039491d9812c75c913f48d53559ab09df"`
			`- "02aa9533ec4957bb01d206d6eaa51d762c7b7396362f0f7a3b5fb4dd6088745b"`
			`- "051048a171ccf14f73419f46d3bd8204aa3ed585a72924faea0192f53d42cfce"`
			`- "08858ced0ff83694fb12cf155f6d6bf450dcaae7192ea3de8383966993724290"`
			`- "0993beabc8d2bb9e3b8d12d24989426b909921e20e9c6a704de7a5f1dfa93c59"`
			`- "0a5b4edebfcb0a7be64edc06af410a6fbc6e3a65b76592a9f2bcc9afea7eb753"`
			`- "1084266bd81c697b5268b47c76565aa86b821126a6b9fe6ea7b50f64971fc96f"`
			`- "14c313ae08665f7ac748daef8a70010d2ea9b52fd0cae594ffa1ffa5d19c43f4"`
			`- "1626b2999241b5a658bddd1446648ed0b9cc289de4cc6e10f60b39681a0683c4"`
			`- "20f01320ba570c73e01af1a2ceb42987bcb7ac213cc585c187bec2370cf72eb6"`
			`- "27d2c4c4e2fcf6e589e3e1fe85723537333b087003aa4c1d2abcf74d5c899959"`
			`- "292ca64c0c109481b0855aea6b883a588bd293c6807e9493fc3af5a16f37f369"`
			`- "2eaf7e76aa55726cc0419f604e58ee73c5578c02c9e21fdbe7ae887925ea92ae"`
			`- "30a9dffe86b597151eff49443097496f0d1014bb6695a2f69a7c97dc1c27828f"`
			`- "318ee33e5d14035b04832fa07c492cdf57788adda50bb5219ef75b735cbf00e2"`
			`- "33313f1ff2602ef43d945e57e694e747eb00344455ddb9b2544491a3af2696a1"`
			`- "335f8ed58266e502d415f231f6675a32bb35cafcbaa279baa2c0400d4a9872ac"`
			`- "34031b465d912c7d03e815c7cfaff77a3fa7a9c84671bb663026d36b1acd3f86"`
			`- "3407a4fd892e9d5024f3096605eb1e25cad75a8bf847d26740a1e6a77e45b087"`
			`- "340c31a75c5150c5e501ec143849adbed26fed0da5a5ee8c60fb928009ea3b86"`
			`- "38981e26a24308976f3a29d6e5e2beef57c7acda3ad0d5e7f6f149d58fd09d3d"`
			`- "3963d28a20085f0725884e2dbf9b5c62300718aa9c6b4b696c842a3f4cf75fcd"`
			`- "39b154eeefef684cb6d56db45d315f8e9bf1b2cc86cf24d8131c674521f5b514"`
			`- "39fdbd63424a09b5b065a6cc60c9267d3f49950bf1f1a7fd276fe1ece4a35c09"`
			`- "3b51a43178df8b4db108a20e93a428a889c20a9ed5f41067d1a2e8224740838e"`
			`- "3cbf1ae156fa85f16d4ca01321e0965db8cfb9239404aaf52c3cebfc5b4493fb"`
			`- "40d8ac21e0e120f517fbc9a798ecb5caeef5182e01b7e7997aac30213ef367b3"`
			`- "4448d19024d3be03b5ba550b5b02d27f41c4bdba4db950f6f0e7136d820cd9e1"`
			`- "450cbe5102fb0f634c533051d2631578c8a6bae2c4ef1c2e50d4bfd090ce3b54"`
			`- "455d114267e5992b858fb725de1c1ddb83862890fe54436ffea5ff2d2f72edc8"`
			`- "4568941e60dbfda3472e3f745cd4287172d4e6cce44bed85390af9e4e2112d0b"`
			`- "45b2cf643afd34888294a073bf55717ea00860d6a1dca3d301ded1d0040cac44"`
			`- "473ef436c59830298a2424616d002865f17bb5a6e0334d3627affa352a4fc117"`
			`- "4990bb27037f3d5f1bffc0625162173ad8043166a1ae5c8505aabe6384935ce2"`
			`- "4a081f9e3a60a0e580cad484d66fbf5a1505ad313280e96728729069f87f856e"`
			`- "4abc4e078df94075056919bd59aed6e7a0f95067039a8339b8f614924d8cb160"`
			`- "504940239aafa3b3a7b49e592e06a0956ecaab8dbd4a5ea3a8ffd920b85d42eb"`
			`- "52560ba2603619d2ff1447002a60dcb62c7c957451fb820f1894e1ce7c23821c"`
			`- "530a8dd34c18ca91a31fbae2f41d4e66e253db0343681b3c9640766bf70d8edf"`
			`- "5440e2dd89d3c803295cc924699c93eb762e75d42178eb3fe8b42a5093075c71"`
			`- "62e4cc014d9d96f9cbf443186289ffd9c41bdfe951565324891dcf38bcca5a51"`
			`- "64e10bc92a379103a268a90a7863903eacb56843d8990fff8410f9f109c3b87a"`
			`- "655ad8aea57bdaaad10ff208c7f7aa88c9af89a834c0041ffc18c928cc3eab1f"`
			`- "67ac5da9c95d82e894c9efe975335f9e8bdae64967f33652cd9a97b5449216d2"`
			`- "69a1b8e44ba8b277e3c93911be41b0f588ac7275b91a184c6a3f448550ca28ca"`
			`- "6ae610d783ba9a520b82263f49d2907a52090fecb3ac37819cea12b67e6d94fb"`
			`- "70ce56efa7e602d4b127087b0eca064681ecdd49b57d86665da8b081da39408b"`
			`- "7310c45f08c5414036292b0c4026f281a73cf8a01af82a81257dd343f378bbb5"`
			`- "73a21594461cbc9a2fb00fc6f94aec1a33ccf435a7d008d764ddd0482e08fc8d"`
			`- "77566acc818458515231d0a82c131a42890d771ea998b9f578dc38e0eb7e517f"`
			`- "78812856e55613c6803ecb31cc1864b7555bf7f0126d1dfa6f37376d37d3aeab"`
			`- "79837fd1939f90d58cc5a842a81120e8cecbc03484362e88081ebf3b7e3830e9"`
			`- "7b1dcbacca4f585e2cb98f0d48f008acfec617e473ba4fd88de36b946570b8b9"`
			`- "7f1c7b2bfaa6152740d453804e7aa380077636cad101005ed85e70990ec20ec5"`
			`- "81c5f2c7b2c0b0abaeb59585f36904031c21b1702c24349404df52834fbd7ad3"`
			`- "83dc10f687305b22e602ba806619628a90bd4d89be7c626176a0efec173ecff1"`
			`- "93ebf32a4bd988b808c2329308847edd77e752b38becc995970079a6d586c39b"`
			`- "969119f639d0837f445a10ced20d3a82d2ea69d682a4e74f39a48a4e7b443d5e"`
			`- "9b4e140fad97320405244676f1a329679808e02c854077f73422bd8b7797476b"`
			`- "9c095c833db4364caae1659f4e4dcb78da3b5ec5e9a507154832126b0fe0f08e"`
			`- "a0c92bafde7d93e87af3bc2797125cba613018240a9f5305ff949be8a1b16528"`
			`- "a9308f85e95b00007892d451fd9f6beabcd8792b4c5f8cd7524ba7e941d479c9"`
			`- "ac9b38e86b6c87bf8db038ae23da3a5f17a6c391b3a54ad1e727136141a7d4f5"`
			`- "ae0edd232df6f579e19ea52115d35977f8bdbfa9958e0aef2221d62f3a39e7d8"`
			`- "aeddf31361633b3d1196c6483f25c484855e0f243e7f7e62686a4de9e10ec03b"`
			`- "b50bfeb87fe7bb245b31a0423ccfd866ca974bc5943e568ce47efb4cd221d711"`
			`- "b64a1277a08c2901915525143cd0b62d81a37de0a64ec135800f519cb0836445"`
			`- "bb1565ffd7c937bea412482ed9136c6057be50356f1f901379586989b4dfe2ca"`
			`- "be9a23d3021354ec649bc823b23eab01ed235a4eb730fd2f4f7cdb2a6dee453a"`
			`- "bec9544b57b8b2b515e855779735ad31c3eacf65d615b4bfbd574549735111e7"`
			`- "bf1ba5d5d3395adc5bad6f17cc3cb21b3fb29d3e3471a5b260e0bc5ec7a57bc4"`
			`- "bf1c397958ee5114e8f1dadc98fa9c9d7ddb031a4c3c030fa00c315384456218"`
			`- "c8d8d30d89b00098edab024579a3f3c0df2613a29ebcd57cdb9a9062675558e4"`
			`- "c923fa3e71e104d50615978c1ab9fcfccfcbada9e8df638fc27bf4d4eb72d78c"`
			`- "d0850f616c5b4f09a7ff319701bce0460ffc17ca0349ad2cf7808b868688cf71"`
			`- "d161b6e25db66456f8e0603de5132d1ff90f9388d0a0305d2d073a67fd229ddb"`
			`- "d56f0577fbbbd6f159e9be00b274270cb25b60a7809871a6a572783b533f5a3c"`
			`- "d812b9bf6957fafe35951054b9efc5be6b10c204c127aa5a048506218c34e40f"`
			`- "dc6b3e9c0fad345e7c45a569f4c34c3e94730c33743ae8ca055aa6669ad6ac56"`
			`- "def1880ada798c68ee010ba2193f53a2c65a8981871a634ae7e18ccdcd503fa3"`
			`- "e2578590390a9eb10cd65d130e36503fccb40b3921c65c160bb06943b2e3751a"`
			`- "e4b6f040fe2e04c86ed1f969fc72710a844fe30c3501b868cb519d98d1fe3fd0"`
			`- "eb078ffe61726e3898dc9d01ea7955809778bde5be3677d907cbd3b48854e687"`
			`- "ec9dfedd7bd44754668b208858a31b83489d5474f7606294f6cc0128bb218c6d"`
			`- "ed4780bb05c30e3c145419d06ad0ab3f48bd3004a90fb99601f40c5b6e1d90fd"`
			`- "ef53a4f4523a4a0499fb892d9fb5ddb89318538fef33a74ce0bf54d25777ea83"`
			`- "f154ef27cf0f1383ba4ca59531058312b44c84d40938bc8758827023db472812"`
			`- "f7d1309f3caef67cb63bd114c85e73b323a97d145ceca7d6ef3c1c010078c649"`
			`- "f9ab217549b223c55fa310f2007a8f5685f9596c579f5c5526e7dcb204ba0e11"`
			`condition: or`
Added GitLab CE/EE Unauthenticated RCE using ExifTool (CVE-2021-22205) 2021-10-27 12:31:04 +00:00
			`extractors:`
			`- type: regex`
			`group: 1`
			`regex:`
Dashboard Content Enhancements (#4338) Dashboard Content Enhancements 2022-05-09 16:12:52 +00:00			`- '(?:application-)(\S{64})(?:\.css)'`