CVE-2020-13333

Опубликовано: 06 окт. 2020

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13333.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/218753
Broken Link
https://hackerone.com/reports/870820
Exploit
Third Party Advisory
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13333.json
Third Party Advisory
https://gitlab.com/gitlab-org/gitlab/-/issues/218753
Broken Link
https://hackerone.com/reports/870820
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:13.1.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:13.1.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:gitlab:gitlab:13.2.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:13.2.0:*:*:*:enterprise:*:*:*

cpe:2.3:a:gitlab:gitlab:13.3.0:*:*:*:community:*:*:*

cpe:2.3:a:gitlab:gitlab:13.3.0:*:*:*:enterprise:*:*:*

EPSS

Процентиль: 36%

0.00151

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2020-13333

CVSS3: 4.3

ubuntu

больше 5 лет назад

CVE-2020-13333

CVSS3: 4.3

debian

больше 5 лет назад

A potential DOS vulnerability was discovered in GitLab versions 13.1, ...

GHSA-8h2p-m6f9-v8r7

github

больше 3 лет назад

EPSS

Процентиль: 36%

0.00151

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-400