First published: Fri Mar 28 2025
An issue has been discovered in GitLab EE/CE affecting all versions from 12.10 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. A maliciously crafted file can cause uncontrolled CPU consumption when viewing the associated merge request.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix
---|---|---
GitLab | >=12.10 <17.8.6; >=17.9 <17.9.3; >=17.10 <17.10.1 | Upgrade to 17.8.6, 17.9.3, 17.10.1 or later (the patched release of the minor line you run).
What is the severity of CVE-2024-10307?
CVE-2024-10307 is considered a high severity vulnerability because a single crafted file can drive uncontrolled CPU consumption on the GitLab instance, degrading or denying service to other users of that instance.

How do I fix CVE-2024-10307?
Upgrade GitLab EE/CE to 17.8.6, 17.9.3, or 17.10.1 or later. Pick the patched release of the minor line you are already running (17.8.x to 17.8.6, 17.9.x to 17.9.3, 17.10.x to 17.10.1); anything older than 17.8 should move to at least 17.8.6.

Which versions of GitLab are affected by CVE-2024-10307?
GitLab EE/CE from 12.10 up to but not including 17.8.6, 17.9 up to but not including 17.9.3, and 17.10 up to but not including 17.10.1. Instances on 17.8.6, 17.9.3, 17.10.1 or later are not affected.

How is CVE-2024-10307 exploited?
An attacker introduces a maliciously crafted file into a merge request. When that merge request is viewed, GitLab's processing of the file consumes excessive CPU, resulting in denial of service. No details of the file format or the triggering code path are given in the advisory.

Has GitLab released a patch for CVE-2024-10307?
Yes. GitLab shipped the fix in 17.8.6, 17.9.3 and 17.10.1; verify the running version of each instance (for example via GET /api/v4/version) rather than assuming auto-updates have applied.
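The affected-version table above is easy to misread by hand (17.8.7 is safe, 17.9.0 is not). The following is an added example, not code from the advisory or from GitLab, that encodes those three ranges as half-open intervals and evaluates a version string against them. `GET /api/v4/version` is a real GitLab endpoint whose JSON body carries a `version` field; the two sample responses embedded below are constructed, and the `revision` values in them are made up.

```python
"""Check a GitLab version against the ranges the CVE-2024-10307 advisory lists as affected."""
import json
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Ranges from the advisory, as [lower, upper) pairs: inclusive lower bound,
# exclusive upper bound. The upper bound of each pair is the fixed release.
AFFECTED_RANGES = (
    ((12, 10, 0), (17, 8, 6)),
    ((17, 9, 0), (17, 9, 3)),
    ((17, 10, 0), (17, 10, 1)),
)


def parse_version(text: str) -> Version:
    """Parse '17.10.0', '17.10.0-ee' or 'v17.9' into a 3-tuple of ints.

    An edition suffix such as '-ee' or a pre-release tag is ignored; a
    missing patch component is treated as 0, so '17.9' compares as 17.9.0.
    """
    m = re.match(r"^v?(\d+(?:\.\d+)*)", text.strip())
    if not m:
        raise ValueError(f"not a GitLab version string: {text!r}")
    parts = tuple(int(p) for p in m.group(1).split("."))
    padded = (parts + (0, 0, 0))[:3]
    return padded  # type: ignore[return-value]


def recommended_upgrade(version: str) -> Optional[str]:
    """Return the fixed release for an affected version, or None if not affected.

    Because the ranges are checked in order, 17.0.x resolves to 17.8.6,
    17.9.x to 17.9.3 and 17.10.0 to 17.10.1, matching the advisory's
    'upgrade to 17.8.6, 17.9.3, 17.10.1 or above'.
    """
    v = parse_version(version)
    for lower, upper in AFFECTED_RANGES:
        if lower <= v < upper:
            return ".".join(str(n) for n in upper)
    return None


def is_affected(version: str) -> bool:
    return recommended_upgrade(version) is not None


def check_api_response(body: str) -> dict:
    """Evaluate the JSON body of GET /api/v4/version.

    The endpoint returns an object with a 'version' field; that is the only
    field this function relies on.
    """
    data = json.loads(body)
    version = data["version"]
    fix = recommended_upgrade(version)
    return {"version": version, "affected": fix is not None, "upgrade_to": fix}


# Constructed sample responses in the shape /api/v4/version returns.
SAMPLE_RESPONSES = {
    "vulnerable": '{"version":"17.9.2","revision":"0123abcd"}',
    "patched": '{"version":"17.9.3","revision":"4567ef01"}',
}

if __name__ == "__main__":
    for label, body in SAMPLE_RESPONSES.items():
        print(label, check_api_response(body))
    for candidate in ("17.8.5-ee", "17.8.6", "17.8.7", "17.10.0", "12.9.8"):
        print(candidate, "affected" if is_affected(candidate) else "not affected")
```

In practice you would feed `check_api_response` the body returned by `curl -s https://gitlab.example.com/api/v4/version` with a valid token; the boundary cases in the `__main__` block are the ones worth eyeballing, since 17.8.7 sits above the 17.8.6 fix but below 17.9.0 and is therefore not affected.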