6.5

CVE-2024-1493

Uncontrolled Resource Consumption in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular  expression DoS attack on the server
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
GitlabGitLab SwEditioncommunity Version >= 9.2.0 < 16.11.5
GitlabGitLab SwEditionenterprise Version >= 9.2.0 < 16.11.5
GitlabGitLab SwEditioncommunity Version >= 17.0.0 < 17.0.3
GitlabGitLab SwEditionenterprise Version >= 17.0.0 < 17.0.3
GitlabGitLab Version17.1.0 SwEditioncommunity
GitlabGitLab Version17.1.0 SwEditionenterprise
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.49% 0.382
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com 6.5 2.8 3.6
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with a worst-case computational complexity that is inefficient and possibly exponential.

https://gitlab.com/gitlab-org/gitlab/-/issues/441806
Broken Link
https://hackerone.com/reports/2370084
Permissions Required