VYPR
Unrated severity · NVD Advisory · Published Jul 13, 2023 · Updated Oct 30, 2024

Inefficient Regular Expression Complexity in GitLab

CVE-2023-3424

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, and all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible by sending crafted payloads to the preview_markdown endpoint.

Affected products

3
  • GitLab Inc./GitLab (2 versions)
    • (no CPE) range: >=10.3 <15.11.10, >=16.0 <16.0.6, >=16.1 <16.1.1
    • (no CPE) range: 10.3
  • osv-coords
    Range: >= 10.3.0, < 15.11.10
