GitLab · GitLab CE/EE · CVE-2024-8237
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions prior to 12.6
GitLab CE/EE versions 17.4 prior to 17.4.5
GitLab CE/EE versions 17.5 prior to 17.5.3
GitLab CE/EE versions 17.6 prior to 17.6.1
Description:
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE. A remote attacker could cause a denial of service with a crafted `cargo.toml` file; the root cause is inefficient algorithmic complexity when the file is processed.
Recommendations:
For versions prior to 12.6, update to version 12.6 or later.
For versions 17.4 prior to 17.4.5, update to version 17.4.5 or later.
For versions 17.5 prior to 17.5.3, update to version 17.5.3 or later.
For versions 17.6 prior to 17.6.1, update to version 17.6.1 or later.
As a temporary workaround until the update can be applied, consider restricting the handling of `cargo.toml` files from untrusted sources to reduce the risk of exploitation.
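The following is an added example, not part of the original advisory, that turns the affected-version list above into a check an administrator can run over an inventory of GitLab instances. The ranges are transcribed exactly as this page states them (lower bound inclusive where given, fixed version exclusive); the function names, the handling of an edition suffix such as `-ee`, and the sample inventory are assumptions of this example.

```python
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges as stated in this advisory: (lower bound inclusive or None, first fixed version).
# Hypothetical data structure for this example; the numbers are the page's own.
AFFECTED_RANGES: List[Tuple[Optional[str], str]] = [
    (None, "12.6"),
    ("17.4", "17.4.5"),
    ("17.5", "17.5.3"),
    ("17.6", "17.6.1"),
]


def parse_version(text: str) -> Version:
    """Parse a dotted version string such as '17.4.5' into a tuple of ints.

    An edition suffix after '-' (e.g. '17.4.5-ee') is dropped; that is an assumption
    of this example about how versions are reported, not something the advisory states.
    """
    core = text.strip().split("-", 1)[0]
    parts = core.split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a dotted numeric version: {text!r}")
    return tuple(int(p) for p in parts)


def fixed_version_for(version: str) -> Optional[str]:
    """Return the first fixed version the running version should be updated to,
    or None when the version is outside every affected range on this page."""
    v = parse_version(version)
    for lower, fixed in AFFECTED_RANGES:
        lo = parse_version(lower) if lower is not None else None
        fx = parse_version(fixed)
        # Tuple comparison gives the usual dotted-version ordering:
        # (17, 4) < (17, 4, 2) < (17, 4, 5), and a shorter prefix sorts first.
        if (lo is None or v >= lo) and v < fx:
            return fixed
    return None


def is_affected(version: str) -> bool:
    return fixed_version_for(version) is not None


def audit(inventory: Dict[str, str]) -> Dict[str, Optional[str]]:
    """Map each host name to the version it must be updated to, or None if not affected."""
    return {host: fixed_version_for(ver) for host, ver in inventory.items()}


if __name__ == "__main__":
    # Constructed sample inventory (host -> reported GitLab version); not real systems.
    sample = {
        "git-a.example.internal": "17.4.2-ee",
        "git-b.example.internal": "17.5.3",
        "git-c.example.internal": "12.5.9",
        "git-d.example.internal": "17.6.0-ce",
    }
    for host, fixed in audit(sample).items():
        status = f"update to {fixed} or later" if fixed else "not in an affected range"
        print(f"{host}: {sample[host]} -> {status}")
```

The check is conservative in one respect worth noting: a version exactly equal to a listed fixed version (for example `17.4.5`) is reported as not affected, matching the "prior to" wording of the advisory, while a bare minor version such as `17.4` is treated as the start of its range and therefore affected.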