CVE-2021-22168

Severity CVSS v4.0:
Pending analysis
Type:
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
15/01/2021
Last modified:
22/01/2021

Description

A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 12.8.0 (including) 13.5.6 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 12.8.0 (including) 13.5.6 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 13.6.0 (including) 13.6.4 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 13.6.0 (including) 13.6.4 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:* 13.7.0 (including) 13.7.2 (excluding)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:* 13.7.0 (including) 13.7.2 (excluding)