CVE-2022-3759

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 14.3 through 15.6.7 GitLab CE/EE versions 15.7 through 15.7.6 GitLab CE/EE versions 15.8 through 15.8.1

Description An issue has been discovered in GitLab CE/EE where an attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines. This can cause a sidekiq job to allocate a lot of memory, potentially leading to Denial of Service in GitLab instances where Sidekiq is memory-limited.

Recommendations For versions 14.3 through 15.6.7, update to version 15.6.7 or later to resolve the issue. For versions 15.7 through 15.7.6, update to version 15.7.6 or later to resolve the issue. For versions 15.8 through 15.8.1, update to version 15.8.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of dynamic child pipelines in projects to minimize the risk of exploitation.