CVE-2023-6159 — Regex Denial of Service in Gitlab

CWE-1333 — Regex Denial of Service6 documents5 sources

Severity

6.5MEDIUMNVD

OSV6.1

EPSS

0.2%

top 56.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gitlab Debian Gitlab Gitlab CE

Timeline

PublishedJan 26

Latest updateDec 11

Description

An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was possible for an attacker to trigger a Regular Expression Denial of Service via a `Cargo.toml` containing maliciously crafted input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

▶CVEListV5gitlab/gitlab12.7 — 16.6.6+2

▶NVDgitlab/gitlab12.7.0 — 16.6.6+2

▶debiandebian/gitlab< gitlab 16.6.6-1 (sid)

▶gitlabgitlab/gitlab

▶gitlabgitlab/gitlab_ce

🔴Vulnerability Details

OSV

python-tornado vulnerabilities↗2024-12-11

▶

OSV

CVE-2023-6159: An issue has been discovered in GitLab CE/EE affecting all versions from 12↗2024-01-26

▶

GHSA

GHSA-6hch-mpjp-2743: An issue has been discovered in GitLab CE/EE affecting all versions from 12↗2024-01-26

▶

📋Vendor Advisories

GitLab

CVE-2023-6159: An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 prior to 16.6.6, 16.7 prior to 16.7.4, and 16.8 prior to 16.8.1 It was p↗2024-01-26

▶

Debian

CVE-2023-6159: gitlab - An issue has been discovered in GitLab CE/EE affecting all versions from 12.7 pr...↗2023

▶