PT-2024-9290 · Gitlab · Gitlab Ce/Ee+1
L33Thaxor · Published 2024-11-25 · Updated 2024-12-13 · CVE-2024-8237
CVSS v3.1: 7.5 (High)
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions:
GitLab CE/EE versions prior to 12.6
GitLab CE/EE versions 17.4 prior to 17.4.5
GitLab CE/EE versions 17.5 prior to 17.5.3
GitLab CE/EE versions 17.6 prior to 17.6.1
Description:
A Denial of Service (DoS) issue has been discovered in GitLab CE/EE. An attacker could cause a denial of service with a crafted cargo.toml file. The issue is related to inefficient algorithmic complexity, which can be exploited by a remote attacker to cause a denial of service.
Recommendations:
For versions prior to 12.6, update to version 12.6 or later.
For versions 17.4 prior to 17.4.5, update to version 17.4.5 or later.
For versions 17.5 prior to 17.5.3, update to version 17.5.3 or later.
For versions 17.6 prior to 17.6.1, update to version 17.6.1 or later.
As a temporary workaround, consider restricting the use of crafted cargo.toml files to minimize the risk of exploitation.
Tags: Exploit · Fix · DoS · Improper Resource Release
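The affected ranges above are easy to misread when an instance reports a version like `17.4.3-ee`. The following is an added example (not code from the advisory or from GitLab) that encodes the ranges exactly as the advisory states them and answers, for a given version string, whether the instance is affected and which fixed release the recommendations point to. The version-string format (`MAJOR.MINOR.PATCH` with an optional `-ee`/`-ce` suffix) is an assumption about how the version is reported.

```python
# Added example: map a GitLab version string onto the affected ranges listed in
# the advisory for CVE-2024-8237 and return the fixed release to upgrade to.
# Not part of the advisory or of GitLab; the ranges below are copied from the
# advisory text, the version-string format is an assumption.

# (lower bound, inclusive, or None for "all versions"; fixed version, exclusive)
AFFECTED_RANGES = [
    (None,       (12, 6)),     # versions prior to 12.6
    ((17, 4, 0), (17, 4, 5)),  # 17.4 prior to 17.4.5
    ((17, 5, 0), (17, 5, 3)),  # 17.5 prior to 17.5.3
    ((17, 6, 0), (17, 6, 1)),  # 17.6 prior to 17.6.1
]


def parse_version(text):
    """Parse 'MAJOR.MINOR.PATCH' (optionally suffixed, e.g. '17.4.3-ee') into a 3-tuple of ints."""
    core = text.strip().split("-")[0]          # drop an edition suffix such as '-ee'
    parts = core.split(".")
    if not 1 <= len(parts) <= 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised GitLab version: {text!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))       # pad '17.4' to (17, 4, 0)


def fixed_version_for(version_text):
    """Return the fixed release (as a string) if the version is affected, else None."""
    v = parse_version(version_text)
    for lower, fixed in AFFECTED_RANGES:
        fixed_padded = fixed + (0,) * (3 - len(fixed))
        if (lower is None or v >= lower) and v < fixed_padded:
            return ".".join(str(n) for n in fixed)
    return None


def report(versions):
    """Return {version: fixed-release-or-None} for a list of reported versions."""
    return {v: fixed_version_for(v) for v in versions}


if __name__ == "__main__":
    # Constructed sample inventory, not real instances.
    for version, fix in report(["17.4.3-ee", "17.5.3", "17.6.0", "11.9.0", "16.0.0"]).items():
        status = f"affected, upgrade to {fix} or later" if fix else "not in a listed affected range"
        print(f"{version:12} {status}")
```

A version that falls outside every listed range (for example `16.0.0` with the ranges as stated) is reported as not affected by this advisory; that reflects only what the advisory lists, so compare against the vendor's own release notes before relying on it for fleet triage.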
Affected Products
Gitlab
Gitlab Ce/Ee