Unrated severityNVD Advisory· Published Oct 17, 2022· Updated May 13, 2025
CVE-2022-2592
CVE-2022-2592
Description
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
Affected products
3>=15.0 <15.1.6 || >=15.2 <15.2.4 || >=15.3 <15.3.2+ 1 more
- (no CPE)range: >=15.0 <15.1.6 || >=15.2 <15.2.4 || >=15.3 <15.3.2
- (no CPE)range: >=12.9.8, <15.1.6
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.