CVE-2020-13333

Summary

A potential DOS vulnerability was discovered in GitLab versions 13.1, 13.2 and 13.3. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.1, <13.2.10affected
GitLabGitLab>=13.3.0, <13.3.7affected
GitLabGitLab>=13.4.0, <13.4.2affected

Weaknesses

  • Improper input validation in GitLab

ADP Enrichment

CVE Program Container

Additional References

References