Moderate severity · NVD Advisory · Published Oct 5, 2021 · Updated Aug 4, 2024
CVE-2021-39880
Description
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| apollo_upload_server (RubyGems) | < 2.1.0 | 2.1.0 |
Affected products
- osv-coords, 2 versions: >= 11.9.0, < 14.0.9 (+ 1 more)
- (no CPE) range: >= 11.9.0, < 14.0.9
- (no CPE) range: < 2.1.0
- Range: >= 14.2, < 14.2.2
References
- github.com/advisories/GHSA-w6pv-c757-6rgr (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2021-39880 (ghsa, ADVISORY)
- github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486 (ghsa, WEB)
- github.com/jetruby/apollo_upload_server-ruby/pull/44 (ghsa, WEB)
- github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0 (ghsa, WEB)
- github.com/rubysec/ruby-advisory-db/blob/master/gems/apollo_upload_server/CVE-2021-39880.yml (ghsa, WEB)
- gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json (ghsa, x_refsource_CONFIRM, WEB)
- gitlab.com/gitlab-org/gitlab/-/issues/330561 (ghsa, x_refsource_MISC, WEB)
- hackerone.com/reports/1181284 (ghsa, x_refsource_MISC, WEB)
- vuldb.com (ghsa, WEB)