CVE-2023-4647

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-4647
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4647.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-4647
Aliases
Downstream
Published
2023-09-01T10:30:27.108Z
Modified
2026-04-10T05:03:48.428645Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Allocation of Resources Without Limits or Throttling in GitLab
Details

An issue has been discovered in GitLab affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/4xxx/CVE-2023-4647.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
d836c22d87f6f0397b93cc72ce3af27a6dc02d93
Fixed
075efefa5f88454cb1afda1f0270e91edcb55ed3
Introduced
d836c22d87f6f0397b93cc72ce3af27a6dc02d93
Fixed
075efefa5f88454cb1afda1f0270e91edcb55ed3
Introduced
3adc0fe6e7c163bedd7faa5f0c4d1e5fbb6bf3c5
Fixed
16c20745a286eb674f48366d84abe5f4dd5fb2c6
Introduced
3adc0fe6e7c163bedd7faa5f0c4d1e5fbb6bf3c5
Fixed
16c20745a286eb674f48366d84abe5f4dd5fb2c6
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3dfd4e0bcc7eae4330e7fed87ec74bee9a8bdf2d
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
3dfd4e0bcc7eae4330e7fed87ec74bee9a8bdf2d
Database specific 
{
    "versions": [
        {
            "introduced": "15.2.0"
        },
        {
            "fixed": "16.1.5"
        },
        {
            "introduced": "15.2.0"
        },
        {
            "fixed": "16.1.5"
        },
        {
            "introduced": "16.2"
        },
        {
            "fixed": "16.2.5"
        },
        {
            "introduced": "16.2"
        },
        {
            "fixed": "16.2.5"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.3.0"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "16.3.0"
        }
    ]
}

Affected versions

Other
11-10-0cfa69752d8-0d9531c80-ee
11-10-0cfa69752d8-74ffd66ae-ee
11-10-119f9509d50-6d7537235-ee
v1.*
v1.2.0
v1.2.0pre
v1.2.1
v1.2.2
v16.*
v16.1.0-ee
v16.1.0-rc42-ee
v16.1.4-ee
v16.2.0-ee
v16.2.1-ee
v16.2.3-ee
v16.2.4-ee
v16.3.0-ee
v16.3.0-rc42-ee
v16.3.0-rc43-ee
v2.*
v2.3.0
v2.3.0pre
v2.3.1
v2.4.0
v2.4.0pre
v2.4.1
v2.5.0
v2.6.0
v2.6.0pre
v2.6.1
v2.6.2
v2.6.3
v2.7.0
v2.7.0pre
v2.8.0
v2.8.0pre
v2.8.1
v2.8.2
v2.9.0
v2.9.1
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.1.0
v4.*
v4.0.0
v4.0.0rc1
v4.0.0rc2
v5.*
v5.0.0
v5.1.0
v5.2.0
v6.*
v6.0.0-ee
v6.0.0-ee.beta
v6.0.0-ee.rc1
v6.1.0-ee
v6.3.0-ee
v6.3.1-ee
v6.4.0-ee
v6.5.0-ee
v6.6.0-ee
v6.7.0-ee
v6.7.0.rc1-ee
v6.8.0-ee
v7.*
v7.0.0-ee
v7.1.0-ee
v7.1.0.rc1-ee
v7.2.0.rc1-ee
v7.2.0.rc2-ee
v7.2.0.rc3-ee
v7.2.0.rc4-ee
v7.2.0.rc5-ee
v7.3.0-ee
v7.3.0.rc1-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-4647.json"