CVE-2024-7610

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-7610

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-7610.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-7610

Aliases

BIT-gitlab-2024-7610

Related

UBUNTU-CVE-2024-7610

Published

2024-08-08T11:15:13Z

Modified

2024-10-07T23:30:58Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/468917

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

b107c0bae0871a67dee31ad8e52550d32c4afb66

Fixed

0769166123e68c6e8fcf99c499c399b8812e9a82