An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.14 before 16.0.8, all versions starting from 16.1 before 16.1.3, all versions starting from 16.2 before 16.2.2. A Regular Expression Denial of Service was possible via sending crafted payloads which use AutolinkFilter to the preview_markdown endpoint.
Metrics
Affected Vendors & Products
References
History
Thu, 19 Sep 2024 02:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Thu, 29 Aug 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
CPEs | cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:* |
MITRE
Status: PUBLISHED
Assigner: GitLab
Published: 2023-08-01T23:36:00.662Z
Updated: 2024-09-18T04:04:30.185Z
Reserved: 2023-06-22T07:15:42.079Z
Link: CVE-2023-3364
Vulnrichment
Updated: 2024-08-02T06:55:02.657Z
NVD
Status : Analyzed
Published: 2023-08-02T00:15:18.467
Modified: 2023-08-04T19:12:09.647
Link: CVE-2023-3364
Redhat