gitlab-rails-ce-fips-18.2
Chainguard
Status
Impact
GitLab CE FIPS 18.2.5 uses activestorage 7.1.5.1, which is vulnerable to CVE-2025-24293 (command injection in Active Storage image transformations). Fixed versions: 7.1.5.2, 7.2.2.2, 8.0.2.1. Chainguard is deferring to upstream GitLab to address this CVE in a subsequent update. See https://docs.gitlab.com/ee/development/dependencies.html