GitLab issues critical security release for CVE-2020-10977

GitLab published a critical security release (12.9.4, 12.8.7, 12.7.9) to fix a path traversal vulnerability in GitLab CE/EE, urging immediate upgrades or mitigations for self-managed instances.

Executive briefing: On , GitLab issued a critical security release for GitLab CE/EE versions 12.9.4, 12.8.7, and 12.7.9. The update remediates CVE-2020-10977, a path traversal flaw that could allow unauthorized file reads via project imports, and includes fixes for related account and API issues.

Operator action: Upgrade self-managed GitLab instances to the patched versions immediately or apply the documented workaround to disable project imports. Validate that backup and replica nodes are updated, rotate credentials for any potentially exposed service accounts, and monitor logs for suspicious import activity.
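
For the validation step in the operator action above, an added example (not GitLab's tooling and not part of the original briefing) that audits a node inventory against the three patched releases, comparing only within each release line. The node names and versions are constructed, and treating release lines newer than 12.9 as fixed is an assumption.

```python
import re

# Patched releases named in this briefing, keyed by (major, minor) line.
PATCHED = {(12, 9): 4, (12, 8): 7, (12, 7): 9}

_VERSION = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)")


def classify(version):
    """Return 'patched', 'upgrade' or 'unknown' for one GitLab version string."""
    m = _VERSION.match(version.strip())
    if not m:
        return "unknown"  # unparseable: check that node by hand
    major, minor, patch = map(int, m.groups())
    line = (major, minor)
    if line in PATCHED:
        # Compare within the same release line only: 12.8.6 sorts above
        # 12.7.9 but still lacks the fix that 12.8.7 carries.
        return "patched" if patch >= PATCHED[line] else "upgrade"
    if line > max(PATCHED):
        # Assumption: release lines newer than 12.9 include the fix.
        return "patched"
    # Older line with no patched release listed in the briefing.
    return "upgrade"


def audit(inventory):
    """Map each node to its status and return the nodes needing attention."""
    status = {node: classify(ver) for node, ver in inventory.items()}
    return status, sorted(n for n, s in status.items() if s != "patched")


# Constructed inventory: node names and versions are made up for illustration.
SAMPLE = {
    "gitlab-primary": "12.9.4-ee",
    "gitlab-replica": "12.8.6",
    "gitlab-backup": "12.7.9",
    "gitlab-legacy": "12.6.8",
    "gitlab-dr": "v13.0.1",
    "gitlab-lab": "unknown-build",
}

if __name__ == "__main__":
    status, todo = audit(SAMPLE)
    for node in sorted(status):
        print(f"{node:16} {SAMPLE[node]:14} {status[node]}")
    print("needs attention:", ", ".join(todo))
```

A single threshold such as "at least 12.7.9" would wrongly pass the 12.8.6 replica, which is why the check is keyed by release line.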

Sources: GitLab’s advisory describes affected versions, mitigation steps, and links to the patched releases.
