PT-2021-22760 · Gitlab · Gitlab
Dan Jensen · Published 2021-11-04 · Updated 2024-03-06 · CVE-2021-39914
CVSS v2.0: 5.0 (Medium)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
GitLab versions 8.13 to 14.2.5
GitLab versions 14.3.0 to 14.3.3
GitLab version 14.4.0
Description
A regular expression denial of service issue could cause excessive usage of resources when a specially crafted username was used when provisioning a new user.
Recommendations
For GitLab versions 8.13 to 14.2.5, update to a version outside of this range to resolve the issue.
For GitLab versions 14.3.0 to 14.3.3, update to a version outside of this range to resolve the issue.
For GitLab version 14.4.0, update to a version outside of this range to resolve the issue.
As a temporary workaround, consider restricting the use of specially crafted usernames when provisioning new users until a patch is available.
Fix
DoS
Resource Exhaustion
Affected Products
Gitlab