GitLab has released fixes for two critical severity security flaws in Git that could allow attackers to remotely execute arbitrary code and take advantage of integer overflows. Git is a free and open-source distributed version control system for software development.

Impact

The vulnerabilities, identified as CVE-2022-41903 and CVE-2022-23521, potentially impact sensitive and confidential information on Git versions released after v2.30.7.

DXC perspective

We recommend upgrading to the latest GitLab version as soon as possible. Regular software upgrades and securing the infrastructure with advanced threat protection tools help guard against vulnerabilities.