VYPR
Unrated severityNVD Advisory· Published Oct 17, 2022· Updated May 13, 2025

CVE-2022-2592

CVE-2022-2592

Description

A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.

Affected products

3
  • GitLab Inc./GitLabllm-fuzzy2 versions
    >=15.0 <15.1.6 || >=15.2 <15.2.4 || >=15.3 <15.3.2+ 1 more
    • (no CPE)range: >=15.0 <15.1.6 || >=15.2 <15.2.4 || >=15.3 <15.3.2
    • (no CPE)range: >=12.9.8, <15.1.6
  • osv-coords
    Range: >= 12.9.8, < 15.1.6

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.