CVE-2021-39942

Severity CVSS v4.0:
Pending analysis
Type:
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
18/01/2022
Last modified:
25/01/2022

Description

A denial of service vulnerability in GitLab CE/EE affecting all versions starting from 12.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2, allows low-privileged users to bypass file size limits in the NPM package repository to potentially cause denial of service.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 12.0 (including) 14.3.6 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 12.0 (including) 14.3.6 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 14.4 (including) 14.4.4 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 14.4 (including) 14.4.4 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 14.5 (including) 14.5.2 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 14.5 (including) 14.5.2 (excluding)