CVE-2024-6826

Name of the Vulnerable Software and Affected Versions: GitLab CE/EE versions 11.2 through 17.3.5 GitLab CE/EE versions 17.4 through 17.4.2 GitLab CE/EE versions 17.5 through 17.5.0

Description: A denial of service issue has been discovered in GitLab CE/EE. This issue can be exploited by importing a maliciously crafted XML manifest file, potentially allowing a remote attacker to cause a denial of service. The issue is related to the lack of protection measures for the web page structure.

Recommendations: For GitLab CE/EE versions 11.2 through 17.3.5, update to version 17.3.6 or later. For GitLab CE/EE versions 17.4 through 17.4.2, update to version 17.4.3 or later. For GitLab CE/EE versions 17.5 through 17.5.0, update to version 17.5.1 or later. As a temporary workaround, consider restricting the import of XML manifest files until a patch is available.