PT-2021-22726 · Gitlab+1 · Gitlab Ce/Ee+2
0Xn3Va · Published 2021-10-05 · Updated 2024-03-06 · CVE-2021-39880
CVSS v3.1: 6.5 Medium
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 11.9 through 14.0.8
GitLab CE/EE versions 14.1 through 14.1.3
GitLab CE/EE versions 14.2 through 14.2.1
Description:
A denial-of-service issue in the apollo upload server Ruby gem allows an attacker to deny access to all users via specially crafted requests to the apollo upload server middleware.
Recommendations:
For versions 11.9 through 14.0.8, update to version 14.0.9 or later.
For versions 14.1 through 14.1.3, update to version 14.1.4 or later.
For versions 14.2 through 14.2.1, update to version 14.2.2 or later.
Affected Products
Debian
Gitlab
Gitlab Ce/Ee