| Vendor |
GitLab |
| Affected product |
GitLab CE/EE |
| Affected versions |
6.6-15.5.7, 15.6-15.6.4, 15.7-15.7.2 |
| Vulnerability type |
CWE-1333: Inefficient Regular Expression Complexity |
| Description |
An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser. |
| Status |
Fixed |
| Reporter |
So Sakaguchi, GMO Cybersecurity by Ierae, Inc. |