Toukakirishima

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions prior to 16.4.4 GitLab EE versions 16.5 through 16.5.4 GitLab EE versions 16.6 through 16.6.2 **Description** An issue has been discovered in GitLab EE that allows overflowing the time spent on an issue, altering the details shown in the issue boards. **Recommendations** For versions prior to 16.4.4, update to version 16.4.4 or later. For versions 16.5 through 16.5.3, update to version 16.5.4 or later. For versions 16.6 through 16.6.1, update to version 16.6.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 10.5 through 16.4.2 GitLab EE versions 16.5 through 16.5.2 GitLab EE versions 16.6 through 16.6.0 **Description** An issue has been discovered in GitLab EE, allowing an attacker to cause a client-side denial of service using maliciously crafted mermaid diagram input. **Recommendations** For versions 10.5 through 16.4.2, update to version 16.4.3 or later. For versions 16.5 through 16.5.2, update to version 16.5.3 or later. For versions 16.6 through 16.6.0, update to version 16.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 16.1 through 16.1.2 GitLab CE/EE versions 16.2 through 16.2.1 **Description** An issue has been discovered in GitLab CE/EE where an invalid `start sha` value on the merge requests page may lead to Denial of Service, causing the Changes tab to not load. **Recommendations** For GitLab CE/EE versions 16.1 through 16.1.2, update to version 16.1.3 or later. For GitLab CE/EE versions 16.2 through 16.2.1, update to version 16.2.2 or later.