CVE-2023-6159

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 12.7 through 16.6.5 GitLab CE/EE versions 16.7 through 16.7.3 GitLab CE/EE versions 16.8 through 16.8.0

Description An issue has been discovered in GitLab CE/EE, where it is possible for an attacker to trigger a Regular Expression Denial of Service via a Cargo.toml containing maliciously crafted input. This is related to the use of a regular expression with inefficient computational complexity. The exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For GitLab CE/EE versions 12.7 through 16.6.5, update to version 16.6.6 or later. For GitLab CE/EE versions 16.7 through 16.7.3, update to version 16.7.4 or later. For GitLab CE/EE versions 16.8 through 16.8.0, update to version 16.8.1 or later. As a temporary workaround, consider restricting access to Cargo.toml files to minimize the risk of exploitation.