CVE-2024-1816

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 12.0 through 16.11.5 GitLab CE/EE versions 17.0 through 17.0.3 GitLab CE/EE versions 17.1 through 17.1.1

Description: An issue in GitLab CE/EE allows an attacker to cause a denial of service using a crafted OpenAPI file, which can lead to uncontrolled resource consumption. This can be exploited by a remote attacker to disrupt service.

Recommendations: For versions 12.0 through 16.11.5, update to version 16.11.5 or later to resolve the issue. For versions 17.0 through 17.0.3, update to version 17.0.3 or later to resolve the issue. For versions 17.1 through 17.1.1, update to version 17.1.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenAPI file to minimize the risk of exploitation.