PT-2024-4736 · GitLab · GitLab CE/EE +1

Joaxcaron · Published 2024-02-14 · Updated 2024-08-30 · CVE-2024-1493

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 9.2 through 16.11.5; GitLab CE/EE versions 17.0 through 17.0.3; GitLab CE/EE versions 17.1 through 17.1.1.

Description: The issue lies in the processing logic that generates links in dependency files, which can lead to a regular expression Denial of Service (ReDoS) attack against the server. The cause is a regular expression whose matching has inefficient computational complexity. Exploiting this issue allows a remote attacker to cause a denial of service.

Recommendations: For GitLab CE/EE versions 9.2 through 16.11.5, update to version 16.11.5 or later. For GitLab CE/EE versions 17.0 through 17.0.3, update to version 17.0.3 or later. For GitLab CE/EE versions 17.1 through 17.1.1, update to version 17.1.1 or later. As a temporary workaround, consider restricting the processing of dependency files to minimize the risk of exploitation.

Exploit · Fix · DoS · Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-05256
BIT-GITLAB-2024-1493
CVE-2024-1493

Affected Products

GitLab
GitLab CE/EE