Medium severity6.5NVD Advisory· Published May 14, 2024· Updated Jun 17, 2026
CVE-2024-2454
CVE-2024-2454
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2. The pins endpoint is susceptible to DoS through a crafted request.
Affected products
4cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*range: 15.11
- (no CPE)range: starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2
- Range: starting from 15.11 prior to 16.9.7, starting from 16.10 prior to 16.10.5, and starting from 16.11 prior to 16.11.2
Patches
Vulnerability mechanics
References
2- gitlab.com/gitlab-org/gitlab/-/issues/450405nvdBroken Link
- hackerone.com/reports/2408226nvdPermissions Required
News mentions
1- GitLab Patch Release: 16.11.2, 16.10.5, 16.9.7GitLab Security Releases · May 8, 2024