CVE-2020-13354

Summary

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab CE/EE>=12.6affected
GitLabGitLab CE/EE<13.3.9affected

Weaknesses

  • Uncontrolled resource consumption in GitLab

ADP Enrichment

CVE Program Container

Additional References

References