A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-06-06T00:00:00
Updated: 2024-08-02T05:24:34.643Z
Reserved: 2023-02-20T00:00:00
Link: CVE-2023-0921
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-06-06T17:15:12.747
Modified: 2023-06-12T18:43:08.817
Link: CVE-2023-0921
Redhat
No data.