First published: Tue Oct 05 2021 (Updated: )
A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.
Credit: cve@gitlab.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| GitLab (CE/EE) | >=11.9.0, <14.0.9 | Upgrade to 14.0.9 or later |
| GitLab (CE/EE) | >=14.1.0, <14.1.4 | Upgrade to 14.1.4 or later |
| GitLab (CE/EE) | >=14.2.0, <14.2.2 | Upgrade to 14.2.2 or later |
CVE-2021-39880 is a Denial of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE.
All versions of GitLab starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 are affected.
CVE-2021-39880 has a severity score of 6.5, which is classified as medium.
An attacker can exploit CVE-2021-39880 by sending specially crafted requests to the apollo_upload_server Ruby gem, which can result in a denial of service, denying access to all users.
GitLab has released fixes for CVE-2021-39880. It is recommended to update to the latest version of GitLab to mitigate the vulnerability.
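The affected ranges above are half-open (the lower bound is the first affected release, the upper bound is the first fixed release), which is easy to get wrong when comparing version strings by hand. The following added example, not code from GitLab or SecAlerts, encodes exactly the three ranges stated in this advisory and checks a GitLab version string against them; the version strings it is run on are constructed sample input, and the `-ce`/`-ee` suffix handling is an assumption about how GitLab reports its version.

```python
from __future__ import annotations

import re
from typing import List, Optional, Tuple

Version = Tuple[int, ...]

# Affected ranges taken from the advisory text for CVE-2021-39880:
# lower bound inclusive (first affected release), upper bound exclusive
# (first fixed release).
AFFECTED_RANGES: List[Tuple[Version, Version]] = [
    ((11, 9, 0), (14, 0, 9)),
    ((14, 1, 0), (14, 1, 4)),
    ((14, 2, 0), (14, 2, 2)),
]

# Assumption: GitLab reports versions like "14.0.8-ee" or "14.0.8"; an
# optional leading "v" and a "-ce"/"-ee" edition suffix are tolerated.
_VERSION_RE = re.compile(r"^\s*v?(\d+(?:\.\d+)*)(?:-(?:ce|ee))?\s*$", re.IGNORECASE)


def parse_version(text: str) -> Version:
    """Turn a GitLab version string into a comparable tuple of ints.

    Missing components are padded with zeros so "13.12" compares as 13.12.0.
    """
    match = _VERSION_RE.match(text)
    if not match:
        raise ValueError(f"unrecognised GitLab version string: {text!r}")
    parts = [int(p) for p in match.group(1).split(".")]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts)


def fixed_release_for(version: str) -> Optional[str]:
    """Return the first fixed release for the series the version falls in.

    Returns None when the version is outside every affected range.
    """
    parsed = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if lower <= parsed < upper:
            return ".".join(str(n) for n in upper)
    return None


def is_affected(version: str) -> bool:
    """True if the given GitLab version is inside one of the affected ranges."""
    return fixed_release_for(version) is not None


if __name__ == "__main__":
    # Constructed sample inputs, not real inventory data.
    for sample in ["14.0.8-ee", "14.0.9", "14.1.3", "14.2.2", "13.12", "11.8.10"]:
        target = fixed_release_for(sample)
        status = f"affected, upgrade to {target}" if target else "not affected"
        print(f"{sample:>10}: {status}")
```

The boundary cases matter: 14.0.9, 14.1.4 and 14.2.2 are the fixed releases and must report as not affected, while 11.9.0 is the first affected release and must report as affected.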