A potential DOS vulnerability exists in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
gitlab gitlab 13.1.0 |
||
gitlab gitlab 13.2.0 |
||
gitlab gitlab 13.3.0 |