CVE-2022-3639

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2022-3639
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3639.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2022-3639
Aliases
Downstream
Published
2022-10-21T00:00:00Z
Modified
2026-02-18T03:21:34.855813Z
Severity
  • 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L CVSS Calculator
Summary
[none]
Details

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 10.8 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. Improper data handling on branch creation could have been used to trigger high CPU usage.

Database specific 
{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2022/3xxx/CVE-2022-3639.json"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
342f33beb2ce090cfabfd0a5e7327b78d04588bb
Fixed
e3fcea907325032eeaa732b45d404a26e6310018
Database specific 
{
    "versions": [
        {
            "introduced": "10.8"
        },
        {
            "fixed": "15.1.6"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
d836c22d87f6f0397b93cc72ce3af27a6dc02d93
Fixed
e04b0a6dd2a14f79ac08d66fea184314051a1669
Database specific 
{
    "versions": [
        {
            "introduced": "15.2"
        },
        {
            "fixed": "15.2.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
b189ba070558de141d90142340de25bd3edcbefc
Fixed
e2ffae9620a2f88ebff56d17b26046f292aef85a
Database specific 
{
    "versions": [
        {
            "introduced": "15.3"
        },
        {
            "fixed": "15.3.2"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v10.*
v10.8.0.pre
v10.9.0.pre
v11.*
v11.0.0.pre
v11.1.0.pre
v11.2.0.pre
v11.3.0.pre
v15.*
v15.1.0-ee
v15.1.0-rc42-ee
v15.1.0-rc43-ee
v15.1.1-ee
v15.1.2-ee
v15.1.3-ee
v15.1.4-ee
v15.1.5-ee
v15.2.0-ee
v15.2.1-ee
v15.2.2-ee
v15.2.3-ee
v15.3.0-ee
v15.3.1-ee
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.2.1
v6.2.2
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.4.1
v6.4.2
v6.4.3
v6.5.0-ee
v6.5.1
v6.6.0-ee
v6.6.1
v6.6.2
v6.7.0-ee
v6.7.0.rc1-ee
v6.7.1
v6.7.2
v6.8.0-ee
v6.8.1
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee
v7.4.0-ee
v7.4.1-ee
v7.4.2-ee
v7.4.3-ee
v7.4.4-ee
v8.*
v8.11.0
v8.11.0-ee
v8.11.0-rc1
v8.11.0-rc1-ee
v8.11.0-rc2
v8.11.0-rc2-ee
v8.11.0-rc3
v8.11.0-rc3-ee
v8.11.0-rc4
v8.11.0-rc4-ee
v8.11.0-rc5
v8.11.0-rc5-ee
v8.11.0-rc6
v8.11.0-rc6-ee
v8.11.0-rc7
v8.11.0-rc7-ee
v8.11.1
v8.12.0
v8.12.0-ee
v8.12.0-rc1
v8.12.0-rc1-ee
v8.12.0-rc2
v8.12.0-rc2-ee
v8.12.0-rc3
v8.12.0-rc3-ee
v8.12.0-rc4
v8.12.0-rc4-ee
v8.12.0-rc5
v8.12.0-rc5-ee
v8.12.0-rc6
v8.12.0-rc6-ee
v8.12.0-rc7
v8.12.0-rc7-ee
v8.12.0.pre
v8.12.1
v8.12.1-ee
v8.12.2
v8.12.2-ee
v8.12.3-ee
v8.2.0-ee
v8.2.0.rc1
v8.2.0.rc1-ee
v8.2.0.rc2
v8.2.0.rc2-ee
v8.8.0
v8.8.0-ee
v8.8.0-rc1
v8.8.0-rc1-ee
v8.8.0-rc2
v8.8.0-rc2-ee
v8.8.1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-3639.json"