PT-2024-5144 · Gitlab · Gitlab Ce/Ee+1

Published: 2024-04-24 · Updated: 2024-12-12 · CVE-2024-2829

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions 12.5 through 16.9.5
GitLab CE/EE versions 16.10 through 16.10.3
GitLab CE/EE versions 16.11 through 16.11.0
Description: An issue has been discovered in GitLab CE/EE where a crafted wildcard filter in FileFinder may lead to a denial of service. The root cause is insufficient processing of regular expressions; a remote, unauthenticated attacker (per the CVSS vector) can exploit it to cause a denial of service, with impact limited to availability.
Recommendations: For versions 12.5 through 16.9.5, update to version 16.9.6 or later. For versions 16.10 through 16.10.3, update to version 16.10.4 or later. For versions 16.11 through 16.11.0, update to version 16.11.1 or later. As a temporary workaround, consider restricting access to the FileFinder feature until the fixed version can be applied.

Exploit · Fix · DoS · Resource Exhaustion · Improper Resource Release

Weakness Enumeration

Related Identifiers

BDU:2024-05691
BIT-GITLAB-2024-2829
CVE-2024-2829

Affected Products

Gitlab
Gitlab Ce/Ee