CVE-2022-2908

Name of the Vulnerable Software and Affected Versions Gitlab CE/EE versions 10.7 through 15.1.5 Gitlab CE/EE versions 15.2 through 15.2.3 Gitlab CE/EE versions 15.3 through 15.3.1

Description A potential DoS issue was discovered, allowing an attacker to trigger high CPU usage via a specially crafted input added in the Commit message field. This is due to insufficient input validation in the Commit message field, which can be exploited by a remote attacker to cause a denial of service.

Recommendations For Gitlab CE/EE versions 10.7 through 15.1.5, update to version 15.1.5 or later. For Gitlab CE/EE versions 15.2 through 15.2.3, update to version 15.2.3 or later. For Gitlab CE/EE versions 15.3 through 15.3.1, update to version 15.3.1 or later. As a temporary workaround, consider restricting access to the Commit message field to minimize the risk of exploitation.