CVE-2021-22166

Опубликовано: 15 янв. 2021

Источник: nvd

CVSS3: 5.3

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

Ссылки

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22166.json
Third Party Advisory
https://gitlab.com/gitlab-org/labkit/-/issues/29
Broken Link
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-22166.json
Third Party Advisory
https://gitlab.com/gitlab-org/labkit/-/issues/29
Broken Link

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*

Версия от 13.7.0 (включая) до 13.7.2 (исключая)

cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*

Версия от 13.7.0 (включая) до 13.7.2 (исключая)

EPSS

Процентиль: 36%

0.0015

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400

Связанные уязвимости

CVE-2021-22166

CVSS3: 5.3

ubuntu

около 5 лет назад

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

CVE-2021-22166

CVSS3: 5.3

debian

около 5 лет назад

An attacker could cause a Prometheus denial of service in GitLab 13.7+ ...

GHSA-fj94-q44p-pf8f

github

больше 3 лет назад

An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method

EPSS

Процентиль: 36%

0.0015

Низкий

5.3 Medium

CVSS3

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-400