CVE-2021-22553
published 2021-02-17
high, 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gerrit | | < 2.15.22 | 2.15.22 |
| gerrit | | >= 2.16.0 < 2.16.26 | 2.16.26 |
| gerrit | | >= 3.0.0 < 3.0.16 | 3.0.16 |
| gerrit | | >= 3.1.0 < 3.1.12 | 3.1.12 |
| gerrit | | >= 3.2.0 < 3.2.7 | 3.2.7 |
| gerrit | | >= 3.3.0 < 3.3.2 | 3.3.2 |
| google_llc | gerrit | >= unspecified < 2.15.22 | 2.15.22 |
| google_llc | gerrit | >= unspecified < 2.16.26 | 2.16.26 |
| google_llc | gerrit | >= unspecified < 3.0.16 | 3.0.16 |
| google_llc | gerrit | >= unspecified < 3.1.12 | 3.1.12 |
| google_llc | gerrit | >= unspecified < 3.2.7 | 3.2.7 |
| google_llc | gerrit | >= unspecified < 3.3.2 | 3.3.2 |