| GitLab 18 Extends Duo AI Feature |
| Written by Kay Ewbank | |||
| Thursday, 29 May 2025 | |||
|
GitLab 18 has been released with extensions to the Duo AI-based assistant. The news was followed by reports that Duo had a security vulnerability that provided a route for attackers. The problem has now been fixed. GitLab, the web-based repository manager for Git, specializes in providing a centralized, integrated platform for web developers with extensive features.
Duo, which is powered by Anthropic's Claude model, is a tool that helps developers write, review, and analyze code. GitLab 18.0 improvements included GitLab Premium and Ultimate with Duo, automatic reviews with Duo Code Review, and better context handling by Duo Code Review. GitLab's AI-native features include code suggestions and chat within the IDE. The suggestions can be used to analyze, understand, and explain code, and to refactor code to improve performance or use specific libraries. The updated version extends Duo Code Review. Until now, developers had to manually request reviews on each merge request. The new release lets you configure GitLab Duo Code Review to run automatically on merge requests by updating your project's merge request settings. When enabled, Duo Code Review automatically reviews merge requests unless the request is marked as draft. The tool also provides more comprehensive context. It now includes a merge request's title and description, and it examines all diffs simultaneously to recognize cross-file relationships and reduce false positives. There's also a list showing the full content of changed files. After the release of GitLab 18, security researchers identified a remote prompt injection vulnerability in GitLab's Duo that would allow attackers to steal source code from private projects and manipulate code suggestions shown to other users. The vulnerability has now been fixed, but shows an interesting way that AI-based tools could be misused. According to the blog post by Legit Security, GitLab Duo would respond to prompts hidden in a variety of locations in GitLab projects. The vulnerability arose because Duo analyzes the entire context of the page, including comments, descriptions, and the source code — making it vulnerable to injected instructions hidden anywhere in that context. Because Duo scans and processes this content to offer helpful AI responses, the hidden prompts tricked it into taking malicious actions, without the user realizing it. The researchers used a number of techniques to make their malicious prompts harder to spot, including Unicode smuggling with ASCII SmugglerBase; 16-encoded payloads; and KaTeX rendering in white text (to make prompts invisible inside GitLab's website). The team found that they could manipulate Duo's code suggestions, even instructing it to include a malicious JavaScript package within its recommended code. They could also get it to present a malicious URL as safe in Duo's response; causing the user to click it and land on a fake login page. The researchers also found that because Duo uses a technique called streaming markdown rendering to provide HTML faster, they could insert malicious HTML tags and gain control over parts of the page — including the ability to insert elements like <img> tags that trigger automatic HTTP requests to attacker-controlled servers. The GitLab team confirmed the HTML injection vulnerability and also acknowledged the prompt injection as a security issue. GitLab confirmed that both vectors had been remediated. GitLab 18 (complete with fixes to remove the security vulnerability) is available now.
More InformationRelated ArticlesGitLab Adds Google Cloud Integration GitLab Adds Seamless Geo Experience GitLab Adds Security Scan Policies GitLab 14 Offers DIY DevOps Alternative GitLab Adds Security Dashboards To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin. 
Comments
or email your comment to: comments@i-programmer.info |
