In all versions of GitLab CE/EE since version 8.12, an authenticated low-privileged malicious user may create a project with unlimited repository size by modifying values in a project export.
{ "cpes": [ "cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:community:*:*:*", "cpe:2.3:a:gitlab:gitlab:4.3.0:*:*:*:enterprise:*:*:*", "cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*" ], "severity": "Medium" }