Luryuson

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 13.2.4 through 15.10.7 GitLab CE/EE versions 15.11 through 15.11.6 GitLab CE/EE versions 16.0 through 16.0.1 **Description** A denial of service issue was discovered in GitLab CE/EE, which allows an attacker to cause high resource consumption using malicious test report artifacts. **Recommendations** For versions 13.2.4 through 15.10.7, update to version 15.10.8 or later. For versions 15.11 through 15.11.6, update to version 15.11.7 or later. For versions 16.0 through 16.0.1, update to version 16.0.2 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 14.3 through 15.6.7 GitLab CE/EE versions 15.7 through 15.7.6 GitLab CE/EE versions 15.8 through 15.8.1 **Description** An issue has been discovered in GitLab CE/EE where an attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines. This can cause a sidekiq job to allocate a lot of memory, potentially leading to Denial of Service in GitLab instances where Sidekiq is memory-limited. **Recommendations** For versions 14.3 through 15.6.7, update to version 15.6.7 or later to resolve the issue. For versions 15.7 through 15.7.6, update to version 15.7.6 or later to resolve the issue. For versions 15.8 through 15.8.1, update to version 15.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of dynamic child pipelines in projects to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GitLab CE/EE versions 14.0 through 15.6.7 GitLab CE/EE versions 15.7 through 15.7.6 GitLab CE/EE versions 15.8 through 15.8.1 **Description** An issue has been discovered in GitLab CE/EE that allows a DoS attack to be triggered by uploading a malicious Helm chart. **Recommendations** For versions 14.0 through 15.6.7, update to version 15.6.7 or later. For versions 15.7 through 15.7.6, update to version 15.7.6 or later. For versions 15.8 through 15.8.1, update to version 15.8.1 or later.

**Name of the Vulnerable Software and Affected Versions** GitLab versions 12.8 through 15.4.6 GitLab versions 15.5 through 15.5.5 GitLab versions 15.6 through 15.6.1 **Description** An issue has been discovered in GitLab that allows for a Denial of Service (DoS) attack. This is possible by uploading a malicious nuget package. **Recommendations** For versions 12.8 through 15.4.6, update to version 15.4.6 or later to resolve the issue. For versions 15.5 through 15.5.5, update to version 15.5.5 or later to resolve the issue. For versions 15.6 through 15.6.1, update to version 15.6.1 or later to resolve the issue. As a temporary workaround, consider restricting the upload of nuget packages until a patch is available.