Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2022-1100

Опубликовано: 04 апр. 2022
Источник: nvd
CVSS3: 4.3
CVSS2: 4
EPSS Низкий

Описание

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Версия от 13.1.0 (включая) до 14.7.7 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Версия от 13.1.0 (включая) до 14.7.7 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Версия от 14.8.0 (включая) до 14.8.5 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Версия от 14.8.0 (включая) до 14.8.5 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:community:*:*:*
Версия от 14.9.0 (включая) до 14.9.2 (исключая)
cpe:2.3:a:gitlab:gitlab:*:*:*:*:enterprise:*:*:*
Версия от 14.9.0 (включая) до 14.9.2 (исключая)

EPSS

Процентиль: 38%
0.00166
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-772

Связанные уязвимости

ubuntu логотип

CVE-2022-1100

CVSS3: 4.3
ubuntu
почти 4 года назад

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

debian логотип

CVE-2022-1100

CVSS3: 4.3
debian
почти 4 года назад

A potential DOS vulnerability was discovered in GitLab CE/EE affecting ...

github логотип

GHSA-fr4g-hmc7-w66h

CVSS3: 4.3
github
почти 4 года назад

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

EPSS

Процентиль: 38%
0.00166
Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-772