An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names.
Fixes

Solution

Upgrade to versions 16.9.7, 16.10.5, 16.11.2 or above.


Workaround

No workaround given by the vendor.

History

Wed, 06 Aug 2025 20:30:00 +0000

Type Values Removed Values Added
Weaknesses NVD-CWE-noinfo
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Wed, 05 Feb 2025 20:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 05 Feb 2025 12:30:00 +0000

Type Values Removed Values Added
Description An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.7 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. It was possible for an attacker to cause a denial of service by crafting unusual search terms for branch names.
Title Allocation of Resources Without Limits or Throttling in GitLab
First Time appeared Gitlab
Gitlab gitlab
Weaknesses CWE-770
CPEs cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Vendors & Products Gitlab
Gitlab gitlab
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: GitLab

Published:

Updated: 2025-02-05T20:11:02.837Z

Reserved: 2024-03-25T21:02:01.093Z

Link: CVE-2024-2878

cve-icon Vulnrichment

Updated: 2025-02-05T13:59:58.532Z

cve-icon NVD

Status : Analyzed

Published: 2025-02-05T13:15:22.523

Modified: 2025-08-06T20:17:38.607

Link: CVE-2024-2878

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.