CVE-2020-13349
First published: Tue Nov 17 2020(Updated: )
An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab | >=8.12.0<13.3.9 | |
| GitLab | >=13.4.0<13.4.5 | |
| GitLab | >=13.5.0<13.5.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2020-13349?
CVE-2020-13349 is classified as a medium severity vulnerability due to the potential for service disruption.
How do I fix CVE-2020-13349?
To fix CVE-2020-13349, upgrade your GitLab EE installation to version 13.3.9 or later, or to version 13.4.5 or later, or to version 13.5.2 or later.
Which versions are affected by CVE-2020-13349?
CVE-2020-13349 affects GitLab EE versions from 8.12 up to, but not including, 13.3.9, as well as specific versions 13.4 and 13.5 before reaching 13.4.5 and 13.5.2 respectively.
What is the nature of the vulnerability in CVE-2020-13349?
CVE-2020-13349 is related to catastrophic backtracking in a regular expression tied to the Advanced Search feature.
Is CVE-2020-13349 present in GitLab CE?
CVE-2020-13349 specifically affects GitLab EE, and there are no indications it impacts GitLab CE.
- agent/references
- agent/type
- agent/author
- agent/weakness
- agent/softwarecombine
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/gitlab
- canonical/gitlab
- version/gitlab/8.12.0
- version/gitlab/13.4.0
- version/gitlab/13.5.0