CVE-2024-1495

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 13.1 through 16.10.7 GitLab CE/EE versions 16.11 through 16.11.4 GitLab CE/EE versions 17.0 through 17.0.2

Description An issue has been discovered in GitLab CE/EE that allows an attacker to cause a denial of service using maliciously crafted files. This is related to an uncontrolled resource consumption. The exploitation of this issue may allow a remote attacker to cause a denial of service.

Recommendations For versions 13.1 through 16.10.7, update to version 16.10.7 or later to resolve the issue. For versions 16.11 through 16.11.4, update to version 16.11.4 or later to resolve the issue. For versions 17.0 through 17.0.2, update to version 17.0.2 or later to resolve the issue. As a temporary workaround, consider restricting the upload of files to minimize the risk of exploitation.