Afewgoats

**Name of the Vulnerable Software and Affected Versions** GitLab EE versions 12.3 through 16.2.7 GitLab EE versions 16.3 through 16.3.4 GitLab EE versions 16.4 through 16.4.0 **Description** An input validation issue in the asset proxy allowed an authenticated attacker to craft image URLs which bypass the asset proxy. **Recommendations** For versions 12.3 through 16.2.7, update to version 16.2.8 or later. For versions 16.3 through 16.3.4, update to version 16.3.5 or later. For versions 16.4 through 16.4.0, update to version 16.4.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 10.8 through 15.5.7 GitLab CE/EE versions 15.6 through 15.6.4 GitLab CE/EE versions 15.7 through 15.7.2 **Description** An issue has been discovered in GitLab CE/EE that allows an attacker to cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents. **Recommendations** For versions 10.8 through 15.5.7, update to version 15.5.7 or later. For versions 15.6 through 15.6.4, update to version 15.6.4 or later. For versions 15.7 through 15.7.2, update to version 15.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 1.0.2 through 14.10.4 GitLab CE/EE versions 15.0 through 15.0.3 GitLab CE/EE versions 15.1 through 15.1.0 **Description** A Regular Expression Denial of Service issue allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers. This issue affects GitLab instances, making them inaccessible. **Recommendations** For versions 1.0.2 through 14.10.4, update to version 14.10.5 or later. For versions 15.0 through 15.0.3, update to version 15.0.4 or later. For versions 15.1 through 15.1.0, update to version 15.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions prior to 14.0.2 GitLab versions prior to 13.12.6 GitLab versions prior to 13.11.6 **Description** The issue is related to the GitLab Webhook feature, which can be exploited to cause a denial of service. This is due to the potential for unlimited memory allocation. A remote attacker can exploit this to disrupt service. **Recommendations** For versions prior to 14.0.2, update to version 14.0.2 or later. For versions prior to 13.12.6, update to version 13.12.6 or later. For versions prior to 13.11.6, update to version 13.11.6 or later.