CVE-2024-9631

Published: Feb 5, 2025Modified: Aug 6, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: cve@gitlab.com (Secondary)

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.

Affected (6)

Products: Gitlab: Gitlab

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Gitlab Gitlab	From 13.6.0 to 17.2.9
Gitlab Gitlab	From 17.3.0 to 17.3.5
Gitlab Gitlab	From 17.4.0 to 17.4.2
Gitlab Gitlab	From 13.6.0 to 17.2.9
Gitlab Gitlab	From 17.3.0 to 17.3.5
Gitlab Gitlab	From 17.4.0 to 17.4.2

Related CWEs

Inefficient Algorithmic Complexity

An algorithm in a product has an inefficient worst-case computational complexity that may be detrimental to system performance and can be triggered by an attacker, typically using crafted manipulations that ensure that the worst case is being reached.

Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

References (3)

https://gitlab.com/gitlab-org/gitlab/-/issues/480867

Source: cve@gitlab.com

ExploitIssue Tracking

https://hackerone.com/reports/2650086

Source: cve@gitlab.com

Permissions Required

https://gitlab.com/gitlab-org/gitlab/-/issues/480867

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

ExploitIssue Tracking

Timeline

No history available yet.