CVE-2020-13310Gitlab vulnerability

6 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.3%
top 45.61%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GitlabDebian GitlabGitlab Runner
Timeline
PublishedSep 14
Latest updateMay 24

Description

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

NVDgitlab/gitlab13.2.013.2.3+2
debiandebian/gitlab< gitlab 13.2.8-1 (sid)
CVEListV5gitlab/gitlab>=1.0, <13.1.3, >=13.2, <13.2.3, >=13.3, <13.3.1+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-cfp6-wq22-gv3m: A vulnerability was discovered in GitLab runner versions before 132022-05-24
OSV
CVE-2020-13310: A vulnerability was discovered in GitLab runner versions before 132020-09-14

📋Vendor Advisories

2
GitLab
CVE-2020-13310: A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by2020-09-14
Debian
CVE-2020-13310: gitlab - A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 a...2020

💬Community

1
Bugzilla
CVE-2019-13310 ImageMagick: memory leaks at AcquireMagickMemory because of an error in MagickWand/mogrify.c2019-07-16