GitLab has called on users of GitLab community and enterprise edition versions 11.3.4 to 15.1.4, 15.2 to 15.2.3, and 15.3 to immediately apply the recently issued software update addressing a critical remote command execution vulnerability, tracked as CVE-2022-2884, according to BleepingComputer.
Threat actors could leverage the flaw to take over servers and then steal or delete source code and execute malicious commits. Malware and other backdoors could also be deployed on servers compromised through the security bug.
"We strongly recommend that all installations running a version affected by the issues described below are upgraded to the latest version as soon as possible," said GitLab.
Meanwhile, users unable to install the security updates have been advised to disable the GitHub import feature, which imports software projects from GitHub into GitLab, as a workaround. GitHub has also provided a way to verify that the workaround has been applied correctly.
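As an added example (not GitLab's own tooling), the following Python script checks an instance against the affected version ranges reported above and confirms whether the GitHub import workaround is in place. It assumes the standard GitLab API endpoints `GET /api/v4/version` and `GET /api/v4/application/settings` (the latter exposes `import_sources`), reads the instance URL and an admin token from environment variables, and treats the advisory's "15.3" as 15.3.0.

```python
import json
import os
import urllib.request

# Affected ranges reported for CVE-2022-2884 (inclusive bounds).
# "15.3" is taken to mean 15.3.0; that reading is an assumption of this example.
AFFECTED_RANGES = [
    ((11, 3, 4), (15, 1, 4)),
    ((15, 2, 0), (15, 2, 3)),
    ((15, 3, 0), (15, 3, 0)),
]


def parse_version(version: str) -> tuple:
    """Turn '15.2.3-ee' or '15.3' into a comparable (major, minor, patch) tuple."""
    core = version.strip().split("-")[0]   # drop edition/build suffix such as '-ee'
    parts = [int(p) for p in core.split(".")]
    while len(parts) < 3:                   # pad '15.3' -> (15, 3, 0)
        parts.append(0)
    return tuple(parts[:3])


def is_affected(version: str) -> bool:
    """True if this GitLab version falls inside a range the advisory lists."""
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_RANGES)


def github_import_enabled(settings: dict) -> bool:
    """Workaround check: 'github' must be absent from the instance import sources."""
    return "github" in settings.get("import_sources", [])


def assess(version: str, settings: dict) -> str:
    """Summarise exposure: patched/unaffected, or affected with/without the workaround."""
    if not is_affected(version):
        return "not affected"
    if github_import_enabled(settings):
        return "affected, workaround NOT applied"
    return "affected, workaround applied"


def _get(base_url: str, token: str, path: str) -> dict:
    req = urllib.request.Request(f"{base_url}/api/v4{path}", headers={"PRIVATE-TOKEN": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


if __name__ == "__main__":
    base, tok = os.environ["GITLAB_URL"], os.environ["GITLAB_TOKEN"]   # assumed env vars
    print(assess(_get(base, tok, "/version")["version"], _get(base, tok, "/application/settings")))
```

The pure functions can also be fed a version string and a saved settings JSON offline, which is useful when auditing several instances from an inventory.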
Legislation seeking to address open source software risks in government has been introduced by Sens. Gary Peters, D-Mich., and Rob Portman, R-Ohio, according to The Record, a news site by cybersecurity firm Recorded Future.