Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-0477

Опубликовано: 25 апр. 2022
Источник: nvd
CVSS3: 4.9
CVSS2: 4
EPSS Низкий

Описание

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Версия от 11.9 (включая) до 14.5.4 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Версия от 14.6.0 (включая) до 14.6.4 (исключая)
cpe:2.3:a:gitlab:gitlab:14.7.0:*:*:*:*:*:*:*

EPSS

Процентиль: 41%
0.00187
Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

ubuntu логотип

CVE-2022-0477

CVSS3: 4.9
ubuntu
почти 4 года назад

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.

debian логотип

CVE-2022-0477

CVSS3: 4.9
debian
почти 4 года назад

An issue has been discovered in GitLab affecting all versions starting ...

github логотип

GHSA-3hmc-2fvj-7wmx

CVSS3: 4.9
github
почти 4 года назад

An issue has been discovered in GitLab affecting all versions starting from 11.9 before 14.5.4, all versions starting from 14.6.0 before 14.6.4, all versions starting from 14.7.0 before 14.7.1. GitLab was not correctly handling bulk requests to delete existing packages from the package registries which could result in a Denial of Service under specific conditions.

EPSS

Процентиль: 41%
0.00187
Низкий

4.9 Medium

CVSS3

4 Medium

CVSS2

Дефекты

NVD-CWE-noinfo