PT-2023-33003 · Unknown · Eventing-Gitlab Cluster-Local Server

Published 2023-12-08 · Updated 2023-12-08

None

No severity ratings or metrics are available. When they become available, we will update the corresponding information on this page.
Name of the Vulnerable Software and Affected Versions

eventing-gitlab cluster-local server versions prior to v1.11.3
eventing-gitlab cluster-local server versions prior to v1.12.1

Description

The issue arises because the eventing-gitlab cluster-local server does not set the ReadHeaderTimeout variable, making it susceptible to a DDoS attack, specifically a Slowloris attack. This type of attack occurs when a large number of users send requests to the server, causing it to hang for an extended period and denying access to other users.

Recommendations

For versions prior to v1.11.3, update to v1.11.3 to resolve the issue. For versions prior to v1.12.1, update to v1.12.1 to resolve the issue. As a temporary workaround, consider setting the ReadHeaderTimeout variable to prevent the server from hanging due to Slowloris attacks.

Related identifiers

GHSA-99JV-8292-2HPM

Affected products

Eventing-Gitlab Cluster-Local Server