CVE-2022-2592 in Community EditionИнформация

Сводка

по MITRE • 17.10.2022

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

Ответственный

GitLab Inc.

Резервировать

01.08.2022

Раскрытие

17.10.2022

Модерация

принято

Вход

VDB-211171

EPSS

0.01044

KEV

Нет

Деятельности

Очень низкий

Источники

Do you need the next level of professionalism?

Upgrade your account now!