Is Gitlab CE affecting CVE-2022-22963 and CVE-2022-22965?

We recently discovered the Vulnerability Information CVE-2022-22965/Spring4Shell (Spring Core) and CVE-2022-22963 (Spring Cloud Functions) issue. Did this affect Gitlab CE with any versions?

Could you please let us know if you want us to look into this?

We are using Gitlab CE 14.7.4

There is already a topic here Giltab Vulnerability to Spring4Shell

Please search before creating new questions. Thanks.

okay thanks

Upon becoming aware of the vulnerabilities, we immediately mobilized our Security and Engineering teams to determine usage of this software component and its potential impact within our product, across our company, and within our third-party software landscapes.

At this time, no malicious activity, exploitation, or indicators of compromise have been identified on Further, our product packaged Java components for both and self-managed instances do not use vulnerable Spring components, and thus are not vulnerable.


1 Like