CVE-2020-13349

Summary

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab EE>=8.12affected
GitLabGitLab EE<13.3.9affected
GitLabGitLab EE>=13.4affected
GitLabGitLab EE<13.4.5affected
GitLabGitLab EE>=13.5affected
GitLabGitLab EE<13.5.2affected

Weaknesses

  • Uncontrolled resource consumption in GitLab

ADP Enrichment

CVE Program Container

Additional References

References