First published: Mon Dec 13 2021
An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2. A regular expression used for handling user input (notes, comments, etc.) was susceptible to catastrophic backtracking, so a crafted input could make the server spend an excessive amount of time evaluating the pattern, resulting in a denial of service (DoS).
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab CE/EE | >=12.10.0, <14.3.6 | Upgrade to 14.3.6 or later |
GitLab CE/EE | >=14.4.0, <14.4.4 | Upgrade to 14.4.4 or later |
GitLab CE/EE | >=14.5.0, <14.5.2 | Upgrade to 14.5.2 or later |
The severity of CVE-2021-39933 is medium, with a CVSS base score of 6.5.
CVE-2021-39933 affects all versions of GitLab CE/EE starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, and all versions starting from 14.5 before 14.5.2.
CVE-2021-39933 is a vulnerability in GitLab CE/EE where a regular expression used for handling user input (notes, comments, etc.) is susceptible to catastrophic backtracking: an ambiguous pattern with nested or overlapping quantifiers can be forced to try an exponential number of ways to match a crafted string before it fails, tying up the server for the duration. Note that no authentication bypass or data exposure is described; the impact is availability only.
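To make the failure mode concrete, the following is an added illustration and is not code from GitLab; the advisory does not quote the affected regular expression, so the patterns, the size limit and the sample note bodies below are all constructed for this example. It shows a classic ambiguous pattern of the kind that backtracks catastrophically, an unambiguous rewrite that accepts exactly the same language in linear time, and an input-length guard as defense in depth. Python's `re` is used because, like the backtracking engines in most languages, it has no built-in protection against this class of pattern.

```python
"""Catastrophic backtracking (ReDoS) on user-supplied text, and a linear rewrite.

Added illustration, not GitLab code and not the regex behind CVE-2021-39933
(the advisory does not quote it). Patterns and sample inputs are constructed.
"""
import re
import time

# Ambiguous pattern: (\w+\s?)+ can split a run of n word characters in 2^(n-1)
# ways, and the trailing '$' forces the engine to try every one of them before it
# can report "no match" when the input ends in a character that fits neither class.
VULNERABLE = re.compile(r"^(\w+\s?)+$")

# Same language, no ambiguity: every group after the first must begin with a
# whitespace character, so there is only one way to consume any input (linear time).
SAFE = re.compile(r"^\w+(\s\w+)*\s?$")

# Defense in depth: bound the input before any regex sees it.
MAX_NOTE_LENGTH = 10_000  # assumption: an upper bound suitable for a comment body


def is_word_run(text: str, pattern: re.Pattern = SAFE) -> bool:
    """True if `text` is words separated by single whitespace characters.

    Raises ValueError for oversized input instead of handing it to the regex.
    """
    if len(text) > MAX_NOTE_LENGTH:
        raise ValueError("note too long to validate")
    return pattern.match(text) is not None


def attack_input(n: int) -> str:
    """A note body that defeats the ambiguous pattern: n word chars, then '!'."""
    return "a" * n + "!"


def time_match(pattern: re.Pattern, text: str) -> float:
    """Wall-clock seconds for one match attempt (the attempt fails on attack_input)."""
    start = time.perf_counter()
    pattern.match(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    # Each extra character roughly doubles the vulnerable pattern's running time,
    # while the rewrite stays flat. Kept to n<=22 so the demo finishes in seconds.
    for n in (14, 16, 18, 20, 22):
        text = attack_input(n)
        print(f"n={n:2d}  vulnerable={time_match(VULNERABLE, text):8.4f}s  "
              f"safe={time_match(SAFE, text):.6f}s")
```

The two patterns are interchangeable on every input (the test below checks this on a handful of constructed cases), which is the property to verify when replacing a backtracking-prone regex in a code base: same accept set, no overlapping alternatives or nested quantifiers. The length cap does not fix the pattern, but it bounds the damage while the rewrite is reviewed. GitLab itself is written in Ruby; Ruby 3.2 and later additionally offer `Regexp.timeout` and a memoization-based optimization that defuses many patterns of this shape, which the 14.x releases in scope here (on older Ruby) did not have.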
To fix CVE-2021-39933, upgrade GitLab CE/EE to 14.3.6, 14.4.4, or 14.5.2 (or a later release in the corresponding line).
More information about CVE-2021-39933 can be found at the following references: [Reference 1](https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39933.json), [Reference 2](https://gitlab.com/gitlab-org/gitlab/-/issues/340449), [Reference 3](https://hackerone.com/reports/1320077).