A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/468917 |
History
Thu, 29 Aug 2024 16:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Weaknesses | NVD-CWE-noinfo | |
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* |
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
Gitlab
Gitlab gitlab |
|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* | |
Vendors & Products |
Gitlab
Gitlab gitlab |
Thu, 08 Aug 2024 13:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 08 Aug 2024 10:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch. | |
Title | Uncontrolled Resource Consumption in GitLab | |
Weaknesses | CWE-400 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2024-08-08T10:30:43.133Z
Updated: 2024-08-29T15:05:01.225Z
Reserved: 2024-08-08T10:02:04.174Z
Link: CVE-2024-7610
Vulnrichment
Updated: 2024-08-08T12:53:59.411Z
NVD
Status : Analyzed
Published: 2024-08-08T11:15:13.857
Modified: 2024-08-29T15:45:27.523
Link: CVE-2024-7610
Redhat
No data.