CVE-2024-9367

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.9 through 17.4.5 GitLab CE/EE versions 17.5 through 17.5.3 GitLab CE/EE versions 17.6 through 17.6.1

Description An issue was discovered in GitLab CE/EE that allows an attacker to cause uncontrolled CPU consumption, potentially leading to a Denial of Service (DoS) condition while parsing templates to generate changelogs. This issue is related to the lack of protection measures for the web page structure. The exploitation of this issue can allow a remote attacker to cause a denial of service.

Recommendations For GitLab CE/EE versions 13.9 through 17.4.5, update to version 17.4.6 or later. For GitLab CE/EE versions 17.5 through 17.5.3, update to version 17.5.4 or later. For GitLab CE/EE versions 17.6 through 17.6.1, update to version 17.6.2 or later.