CVE-2024-8124

Name of the Vulnerable Software and Affected Versions GitLab CE/EE versions 16.4 through 17.1.7 GitLab CE/EE versions 17.2 through 17.2.5 GitLab CE/EE versions 17.3 through 17.3.2

Description The issue is related to the use of a regular expression with inefficient computational complexity in GitLab, a software platform based on git for collaborative code work. Exploitation of the issue could allow a remote attacker to cause a denial of service by sending a specific POST request, potentially via a large glm source parameter.

Recommendations For GitLab CE/EE versions 16.4 through 17.1.7, update to version 17.1.7 or later. For GitLab CE/EE versions 17.2 through 17.2.5, update to version 17.2.5 or later. For GitLab CE/EE versions 17.3 through 17.3.2, update to version 17.3.2 or later. As a temporary workaround, consider restricting access to the glm source parameter in the affected API endpoint until a patch is available.