Unrated severity · NVD Advisory · Published Oct 6, 2020 · Updated Aug 4, 2024

CVE-2020-13333

Description

A potential DoS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The API to update an asset as a link from a release had a regex check that caused an exponential number of backtracks for certain user-supplied values, resulting in high CPU usage.

Affected products

3
  • GitLab Inc./GitLab (llm-fuzzy), 2 versions
    13.1, 13.2, 13.3 (+1 more)
    • (no CPE) range: 13.1, 13.2, 13.3
    • (no CPE) range: >=13.1, <13.2.10
  • osv-coords
    Range: >= 13.1.0, < 13.2.10
