CVE-2021-22168Uncontrolled Resource Consumption in Gitlab

CWE-400Uncontrolled Resource Consumption5 documents5 sources
Severity
6.5MEDIUMNVD
EPSS
0.2%
top 61.70%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GitlabDebian Gitlab
Timeline
PublishedJan 15
Latest updateMay 24

Description

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

NVDgitlab/gitlab12.8.013.5.6+2
debiandebian/gitlab< gitlab 15.10.8+ds1-2 (sid)
CVEListV5gitlab/gitlab>=12.8, <13.5.6, >=13.6.0, <13.6.4, >=13.7.0, <13.7.2+2
gitlabgitlab/gitlab

🔴Vulnerability Details

2
GHSA
GHSA-7w6h-978p-xvrg: A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 122022-05-24
OSV
CVE-2021-22168: A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 122021-01-15

📋Vendor Advisories

2
GitLab
CVE-2021-22168: A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.2021-01-15
Debian
CVE-2021-22168: gitlab - A regular expression denial of service issue has been discovered in NuGet API af...2021