Unrated severity · NVD Advisory · Published Jul 13, 2023 · Updated Oct 30, 2024
Inefficient Regular Expression Complexity in GitLab
CVE-2023-3424
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.3 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint.
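The advisory does not disclose the affected expression, so the following is an added example and not GitLab's code: a harness for the class of bug described, catastrophic backtracking in a backtracking regex engine, run against a hypothetical nested-quantifier pattern (`^(a+)+$`, an assumption chosen only to illustrate the failure mode) and its unambiguous rewrite. The candidate match runs in a child process with a wall-clock limit, because a runaway match cannot be interrupted from inside the same interpreter; the crafted payload is built the way a ReDoS probe usually is, a long run of the ambiguous character followed by one that forces the overall match to fail.

```python
"""Probe a regex for catastrophic backtracking under a hard wall-clock limit.

Added example, not GitLab's code. The patterns below are assumptions
chosen to illustrate the vulnerability class; the advisory does not say
which expression in the markdown preview path was affected.
"""
import multiprocessing as mp
import re
import time

# fork so the worker function needs no re-import in the child
_CTX = mp.get_context("fork")


def _worker(pattern: str, text: str, conn) -> None:
    # Runs in a child process: an exponential-time match can only be
    # stopped from outside, since re.search never yields control.
    start = time.perf_counter()
    matched = re.search(pattern, text) is not None
    conn.send((matched, time.perf_counter() - start))
    conn.close()


def probe(pattern: str, text: str, limit_s: float = 1.0):
    """Return ('match' | 'nomatch' | 'error', seconds) or ('timeout', limit_s)."""
    parent, child = _CTX.Pipe(duplex=False)
    proc = _CTX.Process(target=_worker, args=(pattern, text, child))
    proc.start()
    child.close()
    if parent.poll(limit_s):
        try:
            matched, elapsed = parent.recv()
        except EOFError:  # worker died, e.g. the pattern did not compile
            proc.join()
            return ("error", 0.0)
        proc.join()
        return ("match" if matched else "nomatch", elapsed)
    proc.terminate()  # SIGTERM ends the child even mid-match
    proc.join()
    return ("timeout", limit_s)


def crafted_payload(n: int) -> str:
    # n repetitions the ambiguous group can split in 2**(n-1) ways, then a
    # byte that makes the whole match fail, so every split gets explored.
    return "a" * n + "!"


# Constructed, hypothetical patterns (not from the advisory):
VULNERABLE = r"^(a+)+$"   # nested quantifiers over the same character
HARDENED = r"^a+$"        # same language, exactly one way to consume each 'a'


if __name__ == "__main__":
    for name, pat in (("vulnerable", VULNERABLE), ("hardened", HARDENED)):
        print(name, probe(pat, crafted_payload(30), limit_s=1.0))
```

A regression test of this shape (pattern, generator of pathological inputs, time bound) is the check a reviewer wants next to any regex that runs on attacker-controlled input such as a markdown preview body; a bound on input length is a second, independent mitigation and is easy to add in front of `probe`. Python's `re` and Ruby's Onigmo are both backtracking engines, so the same pattern shape blows up in either.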
Affected products
- GitLab CE/EE (no CPE): >=10.3 <15.11.10
- GitLab CE/EE (no CPE): >=16.0 <16.0.6
- GitLab CE/EE (no CPE): >=16.1 <16.1.1
Patches
Vulnerability mechanics
References
- hackerone.com/reports/1960970 (source: mitre; tags: technical-description, exploit)
- gitlab.com/gitlab-org/gitlab/-/issues/409802 (source: mitre; tags: issue-tracking)
News mentions
- GitLab Security Release: 16.1.1, 16.0.6, and 15.11.10 (GitLab Security Releases · Jun 29, 2023)