CVE-2024-1495

Published: Jun 12, 2024Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.1 prior to 16.10.7, starting from 16.11 prior to 16.11.4, and starting from 17.0 prior to 17.0.2. It was possible for an attacker to cause a denial of service using maliciously crafted file.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.1 to 16.10.7
Gitlab Gitlab	From 16.11.0 to 16.11.4
Gitlab Gitlab	From 17.0.0 to 17.0.2
Gitlab Gitlab	From 13.1 to 16.10.7
Gitlab Gitlab	From 16.11.0 to 16.11.4
Gitlab Gitlab	From 17.0.0 to 17.0.2

Related CWEs

Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.

References (6)

https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker

Source: cve@gitlab.com

Release NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/441807

Source: cve@gitlab.com

Vendor Advisory

https://hackerone.com/reports/2359528

Source: cve@gitlab.com

Third Party Advisory

https://about.gitlab.com/releases/2024/06/12/patch-release-gitlab-17-0-2-released/#redos-in-gomod-dependency-linker

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://gitlab.com/gitlab-org/gitlab/-/issues/441807

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://hackerone.com/reports/2359528

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.