CVE-2020-26411

Summary

A potential DOS vulnerability was discovered in all versions of Gitlab starting from 13.4.x (>=13.4 to <13.4.7, >=13.5 to <13.5.5, and >=13.6 to <13.6.2). Using a specific query name for a project search can cause statement timeouts that can lead to a potential DOS if abused.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.4, <13.4.7affected
GitLabGitLab>=13.5, <13.5.5affected
GitLabGitLab>=13.6, <13.6.2affected

Weaknesses

  • Uncontrolled resource consumption in GitLab

ADP Enrichment

CVE Program Container

Additional References

References