CVE-2024-4539

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 15.4 through 16.9.7 GitLab CE/EE versions 16.10 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2

Description An issue has been discovered in GitLab CE/EE where abusing the API to filter branches and tags could lead to Denial of Service. This issue affects various versions of GitLab CE/EE, allowing potential abuse of the API.

Recommendations For versions 15.4 through 16.9.7, update to a version after 16.9.7 to resolve the issue. For versions 16.10 through 16.10.5, update to a version after 16.10.5 to resolve the issue. For versions 16.11 through 16.11.2, update to a version after 16.11.2 to resolve the issue. As a temporary workaround, consider restricting access to the API endpoints related to branch and tag filtering until a patch is available.