PT-2024-4308 · GitLab · GitLab CE/EE

Joaxcaron · Published 2024-06-12 · Updated 2024-08-30 · CVE-2024-1963

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
GitLab CE/EE versions 8.4 through 16.10.7
GitLab CE/EE versions 16.11 through 16.11.4
GitLab CE/EE versions 17.0 through 17.0.2

Description
A vulnerability in GitLab's Asana integration allowed an attacker to potentially cause a regular expression denial of service (ReDoS) by sending specially crafted requests. The underlying weakness is uncontrolled resource consumption: a remote attacker can exploit it to cause a denial of service (availability impact, as reflected by A:C in the CVSS vector) using specially crafted requests.

Recommendations
For versions 8.4 through 16.10.7, update to version 16.10.7 or later. For versions 16.11 through 16.11.4, update to version 16.11.4 or later. For versions 17.0 through 17.0.2, update to version 17.0.2 or later. As a temporary workaround, consider disabling the Asana integration until a patch is available.

Tags: Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-04796
BIT-GITLAB-2024-1963
CVE-2024-1963

Affected Products

Asana
GitLab
GitLab CE/EE