CVE-2021-39939

Severity
6.5 MEDIUM
EPSS
0.1%
top 66.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Dec 13
Latest update: Dec 14

Description

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Exploitability: 2.8 | Impact: 3.6

Affected Packages (2 packages)

CVEListV5: gitlab/gitlab_runner >=13.7, <14.3.6; >=14.4, <14.4.4; >=14.5, <14.5.2 (+2)
NVD: gitlab/gitlab 13.7.0 - 14.3.6 (+2)

🔴 Vulnerability Details (3)
GHSA
GHSA-9jvc-93xj-9mfg: An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13 | 2021-12-14
CVEList
CVE-2021-39939: An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13 | 2021-12-13
OSV
CVE-2021-39939: An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13 | 2021-12-13

📋 Vendor Advisories (1)
GitLab
CVE-2021-39939: An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting fro | 2021-12-13
CVE-2021-39939 (MEDIUM CVSS 6.5) | An uncontrolled resource consumptio | cvebase.io