CVE-2024-1947

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.2.4 through 16.10.5 GitLab CE/EE versions 16.11 through 16.11.2 GitLab CE/EE versions 17.0 through 17.0.0

Description A denial of service (DoS) condition was discovered in GitLab CE/EE. This issue is related to uncontrolled resource consumption. An attacker could create a DoS condition by sending crafted API calls, potentially allowing a remote attacker to cause a denial of service.

Recommendations For versions 13.2.4 through 16.10.5, update to version 16.10.6 or later. For versions 16.11 through 16.11.2, update to version 16.11.3 or later. For versions 17.0 through 17.0.0, update to version 17.0.1 or later. As a temporary workaround, consider restricting access to API endpoints to minimize the risk of exploitation.