7.5

CVE-2024-4025

Inefficient Regular Expression Complexity in GitLab

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 before 16.11.5, version 17.0 before 17.0.3, and 17.1 before 17.1.1. It is possible for an attacker to cause a denial of service using a crafted markdown page.
Data provided by the National Vulnerability Database (NVD)
Gitlab GitLab SwEdition community Version >= 7.10.0 < 16.11.5
Gitlab GitLab SwEdition enterprise Version >= 7.10.0 < 16.11.5
Gitlab GitLab SwEdition community Version >= 17.0.0 < 17.0.3
Gitlab GitLab SwEdition enterprise Version >= 17.0.0 < 17.0.3
Gitlab GitLab Version 17.1.0 SwEdition community
Gitlab GitLab Version 17.1.0 SwEdition enterprise
No warning was found for this CVE.
EPSS Metrics
Type Source Score Percentile
EPSS FIRST.org 0.2% 0.418
CVSS Metrics
Source Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.5 3.9 3.6 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
cve@gitlab.com 6.5 2.8 3.6 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE-1333 Inefficient Regular Expression Complexity

The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles.