VYPR
Unrated severityNVD Advisory· Published Sep 26, 2025· Updated Sep 26, 2025

Allocation of Resources Without Limits or Throttling in GitLab

CVE-2025-10858

Description

An issue was discovered in GitLab CE/EE affecting all versions before 18.2.7, 18.3 before 18.3.3, and 18.4 before 18.4.1 that allows unauthenticated users to cause a Denial of Service (DoS) condition while uploading specifically crafted large JSON files.

Affected products

11

Patches

Vulnerability mechanics

References

1

News mentions

1