UBUNTU-CVE-2024-7610

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-7610

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-7610.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-7610

Related

CVE-2024-7610

Published

2024-08-08T11:15:00Z

Modified

2025-01-13T10:24:48Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.

References

Affected packages

Ubuntu:Pro:16.04:LTS / gitlab

Package

Name: gitlab
Purl: pkg:deb/ubuntu/gitlab@8.5.8+dfsg-5?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8.*

8.4.3+dfsg-9

8.4.3+dfsg-12

8.5.8+dfsg-5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}