CVE-2023-6736

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6736

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-6736.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-6736

Aliases

BIT-gitlab-2023-6736

Downstream

UBUNTU-CVE-2023-6736

Published

2024-02-07T22:02:30.947Z

Modified

2025-11-20T20:33:05.492888Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

Inefficient Regular Expression Complexity in GitLab

Details

An issue has been discovered in GitLab EE affecting all versions starting from 11.3 before 16.7.6, all versions starting from 16.8 before 16.8.3, all versions starting from 16.9 before 16.9.1. It was possible for an attacker to cause a client-side denial of service using malicious crafted content in the CODEOWNERS file.

Database specific

{
    "cwe_ids": [
        "CWE-1333"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1bbe39452664021af90851aef8527ce5e850343e

Fixed

c8f3448a2f0cfb3c812fc4619e0f16bc3feb133b

Database specific

{
    "versions": [
        {
            "introduced": "11.3"
        },
        {
            "fixed": "16.7.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1e912d57d5a8f1135f4d41e25469069790134d41

Fixed

39213e8fab4a70aa7cf64bb1c75012bb11fd7b15

Database specific

{
    "versions": [
        {
            "introduced": "16.8"
        },
        {
            "fixed": "16.8.3"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

76326ae8b898b38c8217ad037ed7122be00e62f0

Fixed

cc62007c12dc634c7442a9b1dc94508e50e5dba5

Database specific

{
    "versions": [
        {
            "introduced": "16.9"
        },
        {
            "fixed": "16.9.1"
        }
    ]
}

Affected versions

Other

11-10-0cfa69752d8-0d9531c80-ee

11-10-0cfa69752d8-74ffd66ae-ee

11-10-119f9509d50-6d7537235-ee

v11.*

v11.3.0.pre

v16.*

v16.7.0-ee

v16.7.0-rc42-ee

v16.7.0-rc43-ee

v16.7.0-rc44-ee

v16.7.2-ee

v16.7.3-ee

v16.7.4-ee

v16.7.5-ee

v16.8.0-ee

v16.8.1-ee

v16.8.2-ee

v16.9.0-ee

v16.9.0-rc44-ee

v6.*

v6.0.0-ee

v6.0.0-ee.beta

v6.0.0-ee.rc1

v6.1.0-ee

v6.2.1

v6.2.2

v6.3.0-ee

v6.3.1-ee

v6.4.0-ee

v6.4.1

v6.4.2

v6.4.3

v6.5.0-ee

v6.5.1

v6.6.0-ee

v6.6.1

v6.6.2

v6.7.0-ee

v6.7.0.rc1-ee

v6.7.1

v6.7.2

v6.8.0-ee

v6.8.1

v7.*

v7.0.0-ee

v7.1.0-ee

v7.1.0.rc1-ee

v7.2.0.rc1-ee

v7.2.0.rc2-ee

v7.2.0.rc3-ee

v7.2.0.rc4-ee

v7.2.0.rc5-ee

v7.3.0-ee

v7.3.0.rc1-ee

v7.4.0-ee

v7.4.1-ee

v7.4.2-ee

v7.4.3-ee

v7.4.4-ee

v8.*

v8.11.0

v8.11.0-ee

v8.11.0-rc1

v8.11.0-rc1-ee

v8.11.0-rc2

v8.11.0-rc2-ee

v8.11.0-rc3

v8.11.0-rc3-ee

v8.11.0-rc4

v8.11.0-rc4-ee

v8.11.0-rc5

v8.11.0-rc5-ee

v8.11.0-rc6

v8.11.0-rc6-ee

v8.11.0-rc7

v8.11.0-rc7-ee

v8.11.1

v8.12.0

v8.12.0-ee

v8.12.0-rc1

v8.12.0-rc1-ee

v8.12.0-rc2

v8.12.0-rc2-ee

v8.12.0-rc3

v8.12.0-rc3-ee

v8.12.0-rc4

v8.12.0-rc4-ee

v8.12.0-rc5

v8.12.0-rc5-ee

v8.12.0-rc6

v8.12.0-rc6-ee

v8.12.0-rc7

v8.12.0-rc7-ee

v8.12.0.pre

v8.12.1

v8.12.1-ee

v8.12.2

v8.12.2-ee

v8.12.3-ee

v8.2.0-ee

v8.2.0.rc1

v8.2.0.rc1-ee

v8.2.0.rc2

v8.2.0.rc2-ee

v8.8.0

v8.8.0-ee

v8.8.0-rc1

v8.8.0-rc1-ee

v8.8.0-rc2

v8.8.0-rc2-ee

v8.8.1-ee