CVE-2023-3210

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-3210
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3210.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-3210
Aliases
Downstream
Published
2023-09-01T10:31:06.983Z
Modified
2025-12-05T00:52:56.529218Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Inefficient Regular Expression Complexity in GitLab
Details

An issue has been discovered in GitLab affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content.

Database specific 
{
    "cwe_ids": [
        "CWE-1333"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/3xxx/CVE-2023-3210.json",
    "cna_assigner": "GitLab"
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
4dce6bc3728f63bc9086ff3088cda7527f6f0bec
Fixed
075efefa5f88454cb1afda1f0270e91edcb55ed3
Database specific 
{
    "versions": [
        {
            "introduced": "15.11"
        },
        {
            "fixed": "16.1.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3adc0fe6e7c163bedd7faa5f0c4d1e5fbb6bf3c5
Fixed
16c20745a286eb674f48366d84abe5f4dd5fb2c6
Database specific 
{
    "versions": [
        {
            "introduced": "16.2"
        },
        {
            "fixed": "16.2.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
3dfd4e0bcc7eae4330e7fed87ec74bee9a8bdf2d
Fixed
67bb799df143b3adf43688cfa074e10c8a1d9a0c
Database specific 
{
    "versions": [
        {
            "introduced": "16.3"
        },
        {
            "fixed": "16.3.1"
        }
    ]
}

Affected versions

v16.*

v16.2.0-ee
v16.2.1-ee
v16.2.2-ee
v16.2.3-ee
v16.2.4-ee
v16.3.0-ee

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-3210.json"