CVE-2024-12379

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-12379
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12379.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-12379
Aliases
Downstream
Related
Published
2025-02-12T15:02:32.062Z
Modified
2026-04-10T05:08:26.296520Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
Allocation of Resources Without Limits or Throttling in GitLab
Details

A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/12xxx/CVE-2024-12379.json",
    "cna_assigner": "GitLab",
    "cwe_ids": [
        "CWE-770"
    ]
}
References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
e4567ef4362f4ef24a09112564b31dfe9044ea12
Fixed
53bac28a6c50e5c1efa8b8d2520b24f32993682f
Database specific 
{
    "versions": [
        {
            "introduced": "14.1"
        },
        {
            "fixed": "17.6.5"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
1fd574ee5710155adf5307fba45132264dcb64a1
Fixed
fd7fac14bde2a6aede8d3d68558c4761364e13df
Database specific 
{
    "versions": [
        {
            "introduced": "17.7"
        },
        {
            "fixed": "17.7.4"
        }
    ]
}
Type
GIT
Repo
https://gitlab.com/gitlab-org/gitlab
Events
Introduced
f03594b9e09b648c839e9c008286a24c93c82373
Fixed
290b47ded8be87247276edd4d9117662c70366c3
Database specific 
{
    "versions": [
        {
            "introduced": "17.8"
        },
        {
            "fixed": "17.8.2"
        }
    ]
}

Affected versions

v17.*
v17.7.0-ee
v17.7.2-ee
v17.8.0-ee

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-12379.json"