CVE-2023-0884info

Summary

by MITRE • 02/23/2023

An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.3 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. An attacker may upload a crafted CI job artifact zip file in a project that uses dynamic child pipelines and make a sidekiq job allocate a lot of memory. In GitLab instances where Sidekiq is memory-limited, this may cause Denial of Service.

Once again VulDB remains the best source for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Disclosure

02/23/2023

Moderation

in review

CPE

In Progress

CWE

CWE-404 (unconfirmed)

EPSS

0.00000

KEV

Activities

very low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2023-0884
NVD	https://nvd.nist.gov/vuln/detail/CVE-2023-0884
CVE Details	https://www.cvedetails.com/cve/CVE-2023-0884/

◂ Previous Overview Next ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!