PT-2021-14908 · Gitlab · Gitlab Ce/Ee+1

Published

2021-04-02

·

Updated

2024-08-21

·

CVE-2021-22197

CVSS v2.0

4.0

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE, all versions from 10.6 before 13.8.7, all versions from 13.9 before 13.9.5, and all versions from 13.10 before 13.10.1
Description: An authenticated user with specific rights could trigger an infinite loop in GitLab by accessing a merge request (MR) whose source and target branches point to each other. The result is denial of service (the CVSS vector records an availability impact only); no confidentiality or integrity impact is involved.
Recommendations: Upgrade GitLab CE/EE to 13.8.7, 13.9.5, 13.10.1 or a later release, which contain the fix. Where the upgrade cannot be applied immediately, reduce exposure in the meantime: restrict which authenticated users are granted the rights needed to create and view merge requests, and do not create merge requests whose source and target branches reference each other. These workarounds limit who can reach the faulty code path but do not remove the defect, so they are not a substitute for upgrading.
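The following is an added example written for this page; it is not GitLab's code and does not reproduce the faulty code path. It models "branches pointing to each other" as git symbolic refs (the `ref: <other ref>` form that `git symbolic-ref` writes), which is an assumption made for the example, and it shows the check a practitioner would want before creating a merge request: resolve both branches with a visited set and a hop ceiling so that a circular reference is reported rather than followed forever. The ref table, names and return values are all constructed for the example.

```ruby
# Added example (not GitLab's code): resolve git-style branch refs with
# cycle detection so that branches pointing to each other are reported
# instead of being followed forever. The ref table is constructed sample
# data; modelling "pointing to each other" as git symbolic refs is an
# assumption made for this example.

class CircularRefError < StandardError; end

SYMREF_PREFIX = "ref: ".freeze   # on-disk prefix git uses for symbolic refs
MAX_HOPS = 8                     # hard ceiling, independent of the visited set

# Ref name => either a 40-hex commit id or "ref: <other ref>" (constructed data).
SAMPLE_REFS = {
  "refs/heads/main"    => "a" * 40,
  "refs/heads/feature" => "b" * 40,
  "refs/heads/alias"   => "ref: refs/heads/main",    # one-way alias: harmless
  "refs/heads/loop-a"  => "ref: refs/heads/loop-b",  # loop-a and loop-b
  "refs/heads/loop-b"  => "ref: refs/heads/loop-a",  #   point to each other
  "refs/heads/self"    => "ref: refs/heads/self",    # degenerate one-ref loop
}.freeze

# Follow symbolic refs starting at +name+ and return [chain, commit_id],
# where +chain+ lists every ref name visited in order. Raises
# CircularRefError when a ref is visited twice or MAX_HOPS is exceeded,
# and KeyError when the chain reaches a ref that does not exist.
def ref_chain(refs, name)
  chain = []
  current = name
  loop do
    if chain.include?(current)
      raise CircularRefError, "circular ref: #{(chain + [current]).join(' -> ')}"
    end
    chain << current
    raise CircularRefError, "more than #{MAX_HOPS} hops from #{name}" if chain.size > MAX_HOPS
    value = refs.fetch(current)                       # KeyError if dangling
    return [chain, value] unless value.start_with?(SYMREF_PREFIX)
    current = value.delete_prefix(SYMREF_PREFIX)
  end
end

# Convenience wrapper: just the commit id a ref finally resolves to.
def resolve_ref(refs, name)
  ref_chain(refs, name).last
end

# Pre-flight check before creating a merge request from +source+ into
# +target+. Returns { status: :ok | :circular | :dangling, detail: String }
# and never loops, whatever the ref table contains.
def merge_request_check(refs, source, target)
  chains = [source, target].map { |name| ref_chain(refs, name) }
  detail = chains.map { |chain, commit| "#{chain.join(' -> ')} = #{commit[0, 12]}" }.join("; ")
  { status: :ok, detail: detail }
rescue CircularRefError => e
  { status: :circular, detail: e.message }
rescue KeyError => e
  { status: :dangling, detail: e.message }
end

if $PROGRAM_NAME == __FILE__
  [["refs/heads/feature", "refs/heads/main"],
   ["refs/heads/alias",   "refs/heads/feature"],
   ["refs/heads/loop-a",  "refs/heads/loop-b"],
   ["refs/heads/self",    "refs/heads/main"],
   ["refs/heads/feature", "refs/heads/missing"]].each do |source, target|
    result = merge_request_check(SAMPLE_REFS, source, target)
    puts "#{source} -> #{target}: #{result[:status]} (#{result[:detail]})"
  end
end
```

The visited set is what turns a circular reference into an error; the hop ceiling is a second, independent bound so that an unexpectedly long but acyclic chain still cannot stall the check. Both are cheap, and the same pattern applies to any resolver that follows user-controlled references.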

Fix

Weakness Enumeration

Infinite Loop

Related Identifiers

BIT-GITLAB-2021-22197
CVE-2021-22197

Affected Products

Gitlab
Gitlab Ce/Ee