PT-2024-9582 · GitLab · GitLab CE/EE

A92847865 · Published 2024-12-11 · Updated 2024-12-16 · CVE-2024-8233

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions

GitLab CE/EE versions 9.4 through 17.4.6
GitLab CE/EE versions 17.5 through 17.5.4
GitLab CE/EE versions 17.6 through 17.6.2
Description

GitLab CE/EE is affected by an uncontrolled resource consumption issue. A remote attacker can send requests for the diff files of a commit or merge request that consume disproportionate server resources, resulting in a denial of service. The CVSS vector above rates the issue as exploitable over the network without authentication, with impact limited to availability.
Recommendations

For versions 9.4 through 17.4.6, update to a release after 17.4.6 (17.4.7 or later). For versions 17.5 through 17.5.4, update to a release after 17.5.4 (17.5.5 or later). For versions 17.6 through 17.6.2, update to a release after 17.6.2 (17.6.3 or later). As a temporary workaround, restrict who can request commit and merge request diffs on the instance (for example, by limiting anonymous and public access to the affected projects) and consider rate-limiting those requests at the reverse proxy. Diff views are core GitLab functionality, so this only reduces exposure and does not remove the underlying issue; apply the upgrade as soon as possible.
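The following is an added example, not part of the advisory and not GitLab's own code, for checking whether a reported GitLab version falls inside one of the three affected ranges listed above and, if so, which patch release it should be upgraded to. The ranges are taken from the advisory; the version-string forms accepted by the parser ("17.6.2", "17.6.2-ee", "v17.6.2", "17.6") and the file and API paths mentioned in the comments are assumptions about where an administrator typically obtains the version string, not facts stated on this page.

```python
"""Check a GitLab version string against the affected ranges of CVE-2024-8233.

Added example. The ranges below are the three affected ranges from the
advisory, expressed as inclusive (low, high) bounds on (major, minor, patch).
"""
import re
import sys

AFFECTED_RANGES = (
    ((9, 4, 0), (17, 4, 6)),    # 9.4 through 17.4.6
    ((17, 5, 0), (17, 5, 4)),   # 17.5 through 17.5.4
    ((17, 6, 0), (17, 6, 2)),   # 17.6 through 17.6.2
)

# Accepts an optional leading "v", a 2- or 3-part numeric version, and an
# optional edition/build suffix such as "-ee" or "+abcdef" (assumed forms).
_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)(?:\.(\d+))?(?:[-+].*)?$")


def parse_version(text):
    """Convert a GitLab version string to a (major, minor, patch) tuple.

    A missing patch component (e.g. "17.6") is treated as .0, which is the
    conservative reading for the lower bound of a range. Raises ValueError
    for strings that do not look like a version at all.
    """
    match = _VERSION_RE.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    major, minor, patch = match.groups()
    return (int(major), int(minor), int(patch or 0))


def affected_range(version):
    """Return the (low, high) range that contains `version`, or None."""
    parsed = parse_version(version) if isinstance(version, str) else version
    for low, high in AFFECTED_RANGES:
        # Tuple comparison is lexicographic, so (17, 4, 7) > (17, 4, 6).
        if low <= parsed <= high:
            return (low, high)
    return None


def is_affected(version):
    """True if the version is inside any of the advisory's affected ranges."""
    return affected_range(version) is not None


def recommended_upgrade(version):
    """First patch release after the affected range containing `version`.

    Returns None when the version is not affected. The target is derived
    purely from the range's upper bound (17.4.6 -> 17.4.7, and so on).
    """
    found = affected_range(version)
    if found is None:
        return None
    major, minor, patch = found[1]
    return f"{major}.{minor}.{patch + 1}"


def main(argv):
    # Usage (assumed): python check_cve_2024_8233.py "$(cat /opt/gitlab/version-manifest.txt | head -1 | awk '{print $2}')"
    # or pass the "version" field returned by GET /api/v4/version on the instance.
    if len(argv) != 2:
        print("usage: check_cve_2024_8233.py <gitlab-version>", file=sys.stderr)
        return 2
    version = argv[1]
    target = recommended_upgrade(version)
    if target is None:
        print(f"{version}: not in an affected range for CVE-2024-8233")
        return 0
    print(f"{version}: AFFECTED by CVE-2024-8233, upgrade to {target} or later")
    return 1


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

The exit status (1 when affected, 0 otherwise) makes the script usable from a fleet inventory job; any version above 17.6.2 is reported as not affected only because it lies outside the ranges this advisory lists.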

Exploit

Fix

DoS

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-11289
BIT-GITLAB-2024-8233
CVE-2024-8233

Affected Products

GitLab CE/EE