First published: Thu May 23 2024(Updated: )
A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an attacker could create a DoS condition by sending crafted API calls.
Credit: cve@gitlab.com
Affected Software | Affected Version | How to fix |
---|---|---|
GitLab | >=13.2.4<16.10.6 | |
GitLab | >=13.2.4<16.10.6 | |
GitLab | >=16.11.0<16.11.3 | |
GitLab | >=16.11.0<16.11.3 | |
GitLab | =17.0.0 | |
GitLab | =17.0.0 |
Upgrade to versions 16.10.6, 16.11.3, 17.0.1 or above.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-1947 is classified as a high severity denial of service (DoS) vulnerability.
To mitigate CVE-2024-1947, upgrade GitLab to a version that is 16.10.6 or higher, 16.11.3 or higher, or 17.0.1 or higher.
CVE-2024-1947 affects GitLab CE/EE versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1.
CVE-2024-1947 primarily causes a denial of service, disrupting system availability but not leading to direct data loss.
CVE-2024-1947 enables attackers to create a denial of service condition by sending crafted API calls.