Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2020-7978

Summary
Assigner-mitre
Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At-05 Feb, 2020 | 15:20
Updated At-04 Aug, 2024 | 09:48
Rejected At-
Credits

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:mitre
Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca
Published At:05 Feb, 2020 | 15:20
Updated At:04 Aug, 2024 | 09:48
Rejected At:
▼CVE Numbering Authority (CNA)

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://about.gitlab.com/blog/categories/releases/
x_refsource_MISC
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
x_refsource_CONFIRM
Hyperlink: https://about.gitlab.com/blog/categories/releases/
Resource:
x_refsource_MISC
Hyperlink: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
Resource:
x_refsource_CONFIRM
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://about.gitlab.com/blog/categories/releases/
x_refsource_MISC
x_transferred
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
x_refsource_CONFIRM
x_transferred
Hyperlink: https://about.gitlab.com/blog/categories/releases/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
Resource:
x_refsource_CONFIRM
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:cve@mitre.org
Published At:05 Feb, 2020 | 16:15
Updated At:06 Feb, 2020 | 16:45

GitLab EE 12.6 and later through 12.7.2 allows Denial of Service.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
Type: Primary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:N/I:N/A:P
CPE Matches
GitLab Inc.
gitlab
>>gitlab>>Versions from 12.6.0(inclusive) to 12.6.6(exclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
GitLab Inc.
gitlab
>>gitlab>>Versions from 12.7.0(inclusive) to 12.7.2(inclusive)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Weaknesses
CWE IDTypeSource
NVD-CWE-noinfoPrimarynvd@nist.gov
CWE ID: NVD-CWE-noinfo
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://about.gitlab.com/blog/categories/releases/cve@mitre.org
Release Notes
Vendor Advisory
https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/cve@mitre.org
Release Notes
Vendor Advisory
Hyperlink: https://about.gitlab.com/blog/categories/releases/
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory
Hyperlink: https://about.gitlab.com/releases/2020/01/30/security-release-gitlab-12-7-4-released/
Source: cve@mitre.org
Resource:
Release Notes
Vendor Advisory

Change History

0
Information is not available yet

Similar CVEs

76Records found
CVE-2023-2132
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-1.35% / 79.30%
||
7 Day CHG~0.00%
Published-06 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A DollarMathPostFilter Regular Expression Denial of Service in was possible by sending crafted payloads to the preview_markdown endpoint.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-1733
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.59% / 68.23%
||
7 Day CHG~0.00%
Published-05 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service condition exists in the Prometheus server bundled with GitLab affecting all versions from 11.10 to 15.8.5, 15.9 to 15.9.4 and 15.10 to 15.10.1.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-2800
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.89%
||
7 Day CHG~0.00%
Published-08 Aug, 2024 | 10:31
Updated-18 Sep, 2024 | 12:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Uncontrolled Resource Consumption in GitLab

ReDoS flaw in RefMatcher when matching branch names using wildcards in GitLab EE/CE affecting all versions from 11.3 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allows denial of service via Regex backtracking.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-0632
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 23:36
Updated-22 May, 2025 | 04:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible by using crafted payloads to search Harbor Registry.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-0518
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.61% / 68.90%
||
7 Day CHG~0.00%
Published-13 Feb, 2023 | 00:00
Updated-21 Mar, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-0121
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-2.07% / 83.21%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

A denial of service issue was discovered in GitLab CE/EE affecting all versions starting from 13.2.4 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2 which allows an attacker to cause high resource consumption using malicious test report artifacts.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-11828
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.57% / 67.55%
||
7 Day CHG-0.11%
Published-26 Nov, 2024 | 18:41
Updated-12 Dec, 2024 | 21:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Algorithmic Complexity in GitLab

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 17.4.5, 17.5 before 17.5.3, and 17.6 before 17.6.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls. This was a regression of an earlier patch.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2023-6386
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.88% / 74.40%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 09:31
Updated-05 Aug, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-15472
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.09% / 25.74%
||
7 Day CHG~0.00%
Published-15 Apr, 2023 | 00:00
Updated-10 Feb, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. The diff formatter using rouge can block for a long time in Sidekiq jobs without any timeout.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2018-14601
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.23% / 46.06%
||
7 Day CHG~0.00%
Published-27 Jul, 2018 | 02:00
Updated-05 Aug, 2024 | 09:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in GitLab Community and Enterprise Edition 11.1.x before 11.1.2. A Denial of Service can occur because Markdown rendering times are slow.

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CVE-2020-13274
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-19 Jun, 2020 | 21:53
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A security issue allowed achieving Denial of Service attacks through memory exhaustion by uploading malicious artifacts in all previous GitLab versions through 13.0.1

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CVE-2023-4011
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.04% / 12.77%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 05:30
Updated-03 Oct, 2024 | 07:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab EE affecting all versions from 15.11 prior to 16.2.2 which allows an attacker to spike the resource consumption resulting in DoS.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-3994
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.35% / 56.88%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 00:06
Updated-22 May, 2025 | 04:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2020-10089
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.88%
||
7 Day CHG~0.00%
Published-13 Mar, 2020 | 16:27
Updated-04 Aug, 2024 | 10:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

GitLab 8.11 through 12.8.1 allows a Denial of Service when using several features to recursively request eachother,

Action-Not Available
Vendor-n/aGitLab Inc.
Product-gitlabn/a
CWE ID-CWE-674
Uncontrolled Recursion
CVE-2021-22210
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.20% / 42.08%
||
7 Day CHG~0.00%
Published-06 May, 2021 | 13:19
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2021-22166
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.18%
||
7 Day CHG~0.00%
Published-15 Jan, 2021 | 15:13
Updated-03 Aug, 2024 | 18:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2025-1477
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.55%
||
7 Day CHG~0.00%
Published-13 Aug, 2025 | 17:27
Updated-15 Aug, 2025 | 16:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.14 before 18.0.6, 18.1 before 18.1.4, and 18.2 before 18.2.2 that could have allowed an unauthenticated user to create a denial of service condition by sending specially crafted payloads to specific integration API endpoints.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-1677
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 31.80%
||
7 Day CHG-0.02%
Published-10 Apr, 2025 | 12:30
Updated-07 Aug, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all up to 17.8.7, 17.9 prior to 17.9.6 and 17.10 prior to 17.10.4 A denial of service could occur upon injecting oversized payloads into CI pipeline exports.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-1516
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 10:02
Updated-08 Aug, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper input validation in Tokens Names could be used to trigger a denial of service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-1478
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 24.16%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 10:02
Updated-08 Aug, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 8.13 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in Board Names could be used to trigger a denial of service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-3364
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-6.04% / 90.36%
||
7 Day CHG~0.00%
Published-01 Aug, 2023 | 23:36
Updated-22 May, 2025 | 04:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2025-0993
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.06% / 18.96%
||
7 Day CHG~0.00%
Published-22 May, 2025 | 14:31
Updated-29 May, 2025 | 15:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-0639
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.08% / 23.96%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 07:31
Updated-08 Aug, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered affecting service availability via issue preview in GitLab CE/EE affecting all versions from 16.7 before 17.9.7, 17.10 before 17.10.5, and 17.11 before 17.11.1.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-1257
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.05% / 14.94%
||
7 Day CHG+0.01%
Published-13 Mar, 2025 | 06:00
Updated-08 Aug, 2025 | 01:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue was discovered in GitLab EE affecting all versions starting with 12.3 before 17.7.7, 17.8 prior to 17.8.5, and 17.9 prior to 17.9.2. A vulnerability in certain GitLab instances could allow an attacker to cause a denial of service condition by manipulating specific API inputs.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2025-0673
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.02% / 3.95%
||
7 Day CHG~0.00%
Published-12 Jun, 2025 | 11:03
Updated-08 Aug, 2025 | 18:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Loop with Unreachable Exit Condition ('Infinite Loop') in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2, allow an attacker to trigger an infinite redirect loop, potentially leading to a denial of service condition.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2024-9633
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.1||LOW
EPSS-0.02% / 2.38%
||
7 Day CHG~0.00%
Published-14 Nov, 2024 | 13:30
Updated-12 Dec, 2024 | 21:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Ownership Assignment in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.3 before 17.4.2, all versions starting from 17.5 before 17.5.4, all versions starting from 17.6 before 17.6.2. This issue allows an attacker to create a group with a name matching an existing unique Pages domain, potentially leading to domain confusion attacks.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-708
Incorrect Ownership Assignment
CVE-2024-8973
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-09 May, 2025 | 16:14
Updated-08 Aug, 2025 | 16:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-9631
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.08% / 23.84%
||
7 Day CHG~0.00%
Published-05 Feb, 2025 | 10:30
Updated-06 Aug, 2025 | 18:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 13.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, where viewing diffs of MR with conflicts can be slow.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2024-8237
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.61% / 68.90%
||
7 Day CHG-0.12%
Published-26 Nov, 2024 | 18:31
Updated-13 Dec, 2024 | 01:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Algorithmic Complexity in GitLab

A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions prior to 12.6 prior to 17.4.5, 17.5 prior to 17.5.3, and 17.6 prior to 17.6.1. An attacker could cause a denial of service with a crafted cargo.toml file.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-8177
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.16% / 37.42%
||
7 Day CHG+0.02%
Published-26 Nov, 2024 | 18:31
Updated-13 Dec, 2024 | 01:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Algorithmic Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 15.6 prior to 17.4.5, starting from 17.5 prior to 17.5.3, starting from 17.6 prior to 17.6.1 which could cause Denial of Service via integrating a malicious harbor registry.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-8233
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.11% / 30.17%
||
7 Day CHG~0.00%
Published-12 Dec, 2024 | 12:02
Updated-11 Jul, 2025 | 20:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Algorithmic Complexity in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-407
Inefficient Algorithmic Complexity
CVE-2024-8124
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.93% / 75.16%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 16:56
Updated-17 Sep, 2024 | 12:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Inefficient Regular Expression Complexity in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a specific POST request.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2022-3639
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.03% / 5.34%
||
7 Day CHG~0.00%
Published-21 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2024-7803
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 19.04%
||
7 Day CHG~0.00%
Published-23 May, 2025 | 12:31
Updated-08 Aug, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-3613
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.8||MEDIUM
EPSS-0.05% / 16.79%
||
7 Day CHG~0.00%
Published-12 Jan, 2023 | 00:00
Updated-08 Apr, 2025 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. A crafted Prometheus Server query can cause high resource consumption and may lead to Denial of Service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-3283
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.24% / 46.84%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before before 15.2.5, all versions starting from 15.3 before 15.3.4, all versions starting from 15.4 before 15.4.1 While cloning an issue with special crafted content added to the description could have been used to trigger high CPU usage.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2022-2931
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-0.07% / 21.67%
||
7 Day CHG~0.00%
Published-17 Oct, 2022 | 00:00
Updated-13 May, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Malformed content added to the issue description could have been used to trigger high CPU usage.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-400
Uncontrolled Resource Consumption
CVE-2023-4647
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-01 Sep, 2023 | 10:30
Updated-05 May, 2025 | 14:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2023-2198
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-2199
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-7.5||HIGH
EPSS-1.18% / 77.89%
||
7 Day CHG~0.00%
Published-07 Jun, 2023 | 00:00
Updated-07 Jan, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.0 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2021-39893
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 59.52%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 12:18
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2021-39912
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.25% / 47.93%
||
7 Day CHG~0.00%
Published-04 Nov, 2021 | 23:05
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DoS vulnerability was discovered in GitLab CE/EE starting with version 13.7. Using a malformed TIFF images was possible to trigger memory exhaustion.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-770
Allocation of Resources Without Limits or Throttling
CVE-2022-1954
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.24% / 46.38%
||
7 Day CHG~0.00%
Published-01 Jul, 2022 | 17:01
Updated-03 Aug, 2024 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A Regular Expression Denial of Service vulnerability in GitLab CE/EE affecting all versions from 1.0.2 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1 allows an attacker to make a GitLab instance inaccessible via specially crafted web server response headers

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2022-1431
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.68% / 70.61%
||
7 Day CHG~0.00%
Published-10 May, 2022 | 20:27
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-79
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
CWE ID-CWE-20
Improper Input Validation
CVE-2022-1510
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.50% / 64.80%
||
7 Day CHG~0.00%
Published-11 May, 2022 | 14:48
Updated-03 Aug, 2024 | 00:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1333
Inefficient Regular Expression Complexity
CVE-2023-3917
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.12% / 32.29%
||
7 Day CHG~0.00%
Published-29 Sep, 2023 | 06:02
Updated-22 May, 2025 | 04:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Type of Input in GitLab

Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2023-3904
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.02% / 4.34%
||
7 Day CHG~0.00%
Published-15 Dec, 2023 | 16:03
Updated-22 May, 2025 | 04:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Type of Input in GitLab

An issue has been discovered in GitLab EE affecting all versions starting before 16.4.4, all versions starting from 16.5 before 16.5.4, all versions starting from 16.6 before 16.6.2. It was possible to overflow the time spent on an issue that altered the details shown in the issue boards.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2023-3900
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.22% / 44.16%
||
7 Day CHG~0.00%
Published-02 Aug, 2023 | 00:07
Updated-22 May, 2025 | 04:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Validation of Specified Type of Input in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. An invalid 'start_sha' value on merge requests page may lead to Denial of Service as Changes tab would not load.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-1287
Improper Validation of Specified Type of Input
CVE-2020-14155
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.53%
||
7 Day CHG~0.00%
Published-15 Jun, 2020 | 00:00
Updated-04 Aug, 2024 | 12:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

libpcre in PCRE before 8.44 allows an integer overflow via a large number after a (?C substring.

Action-Not Available
Vendor-pcren/aGitLab Inc.Apple Inc.NetApp, Inc.Splunk LLC (Cisco Systems, Inc.)Oracle Corporation
Product-h500scloud_backuph410c_firmwareh300s_firmwarepcreactive_iq_unified_managerh410smacosh300suniversal_forwardercommunications_cloud_native_core_policysteelstore_cloud_integrated_storageclustered_data_ontapontap_select_deploy_administration_utilityh410s_firmwareh700s_firmwareh500s_firmwareh410cgitlabh700sn/a
CWE ID-CWE-190
Integer Overflow or Wraparound
CVE-2020-13315
Matching Score-8
Assigner-GitLab Inc.
ShareView Details
Matching Score-8
Assigner-GitLab Inc.
CVSS Score-3.7||LOW
EPSS-0.37% / 57.86%
||
7 Day CHG~0.00%
Published-14 Sep, 2020 | 21:32
Updated-04 Aug, 2024 | 12:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was discovered in GitLab versions before 13.1.10, 13.2.8 and 13.3.4. The profile activity page was not restricting the amount of results one could request, potentially resulting in a denial of service.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
  • Previous
  • 1
  • 2
  • Next
Details not found