CVE-2021-39939

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39939

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39939.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-39939

Aliases

BIT-gitlab-2021-39939

Downstream

UBUNTU-CVE-2021-39939

Published

2021-12-13T16:15:09.617Z

Modified

2026-03-14T12:12:22.824692Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An uncontrolled resource consumption vulnerability in GitLab Runner affecting all versions starting from 13.7 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows an attacker triggering a job with a specially crafted docker image to exhaust resources on runner manager

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

036576a25d67513637c1e2cba5859af47695188e

Fixed

057790c613dea428aa523357c333ced5433794ee

Introduced

036576a25d67513637c1e2cba5859af47695188e

Fixed

057790c613dea428aa523357c333ced5433794ee

Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

a1175384df48e74899d664520601823016d81084

Introduced

19c719febd74b6edf549bf6a2c0e36bf8f176d56

Fixed

a1175384df48e74899d664520601823016d81084

Introduced

490a8efda84a04e31ac41b882d95bb717c202437

Fixed

4511944420f00a68d5df2b3d81e5dae7fa2888f3

Introduced

490a8efda84a04e31ac41b882d95bb717c202437

Fixed

4511944420f00a68d5df2b3d81e5dae7fa2888f3

Database specific

{
    "versions": [
        {
            "introduced": "13.7.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "13.7.0"
        },
        {
            "fixed": "14.3.6"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.4.0"
        },
        {
            "fixed": "14.4.4"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        },
        {
            "introduced": "14.5.0"
        },
        {
            "fixed": "14.5.2"
        }
    ]
}

Affected versions

v14.*

v14.4.0-ee

v14.4.1-ee

v14.4.2-ee

v14.4.3-ee

v14.5.0-ee

v14.5.1-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-39939.json"