PT-2024-37160 · GitHub · GitHub Enterprise Server
Published: 2024-07-16 · Updated: 2024-09-17
CVE-2024-5795
CVSS v3.1: 7.7 (High)
Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions:
GitHub Enterprise Server versions prior to 3.14
Description:
A Denial of Service issue was identified in GitHub Enterprise Server, allowing an attacker to cause unbounded resource exhaustion by sending a large payload to the Git server. This issue was reported via the GitHub Bug Bounty program.
Recommendations:
For versions prior to 3.9.17, update to version 3.9.17.
For versions prior to 3.10.14, update to version 3.10.14.
For versions prior to 3.11.12, update to version 3.11.12.
For versions prior to 3.12.6, update to version 3.12.6.
For versions prior to 3.13.1, update to version 3.13.1.
As a temporary workaround, consider restricting access to the Git server to minimize the risk of exploitation.
Fix
DoS
Resource Exhaustion
Affected Products
GitHub Enterprise Server