CVE-2020-13349: Uncontrolled Resource Consumption in GitLab

Severity: 4.3 MEDIUM (NVD)
EPSS: 0.2% (top 62.18%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Nov 17
Latest update: May 24

Description

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path left the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, =13.4, =13.5, <13.5.2.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD: gitlab/gitlab 8.12.0 13.3.9 +2
CVEListV5: gitlab/gitlab_ee 6 versions +5

🔴 Vulnerability Details (2)

GHSA
GHSA-7hm8-3c6v-r562: An issue has been discovered in GitLab EE affecting all versions starting from 8 (2022-05-24)
CVEList
CVE-2020-13349: An issue has been discovered in GitLab EE affecting all versions starting from 8 (2020-11-17)

📋 Vendor Advisories (2)

GitLab
CVE-2020-13349: An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advan (2020-11-17)
Debian
CVE-2020-13349: gitlab - An issue has been discovered in GitLab EE affecting all versions starting from 8... (2020)