GHSA-w6pv-c757-6rgr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w6pv-c757-6rgr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-w6pv-c757-6rgr/GHSA-w6pv-c757-6rgr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w6pv-c757-6rgr
- Aliases
- Published
- 2022-05-24T19:16:32Z
- Modified
- 2024-12-03T05:56:54.407077Z
- Severity
-
- 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- apollo_upload_server has Denial of Service vulnerability
- Details
-
A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollouploadserver middleware.
- Database specific
{ "nvd_published_at": "2021-10-05T15:15:00Z", "cwe_ids": [], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2023-03-17T19:44:40Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2021-39880
- https://github.com/jetruby/apollo_upload_server-ruby/pull/44
- https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
- https://hackerone.com/reports/1181284
- https://github.com/jetruby/apollo_upload_server-ruby
- https://github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0
- https://github.com/rubysec/ruby-advisory-db/blob/master/gems/apollo_upload_server/CVE-2021-39880.yml
- https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/330561
- https://gitlab.com/gitlab-org/gitlab/-/issues/330561#note_642879964
- https://vuldb.com/?id.183842
Affected packages
RubyGems / apollo_upload_server
Package
- Name
- apollo_upload_server
- Purl
- pkg:gem/apollo_upload_server