Similar to a recently reported issue in GitHub, users can abuse the “comments” feature in GitLab to upload malware to any repository without the repository owner’s knowledge.
The flaw affects several versions of GitLab and patches have already been released. The servers at risk are mainly located in the United States, Germany, Russia, China, France, the U.K., India, and Canada.