Vendor: GitLab
Affected product: GitLab CE/EE
Affected versions: 6.6-15.5.7, 15.6-15.6.4, 15.7-15.7.2
Vulnerability type: CWE-1333: Inefficient Regular Expression Complexity
Description: An issue has been discovered in GitLab CE/EE affecting all versions starting from 6.6 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in the submodule URL parser.
Status: Fixed
Reporter: So Sakaguchi, GMO Cybersecurity by Ierae, Inc.