CVE-2021-22210

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2. When querying the repository branches through API, GitLab was ignoring a query parameter and returning a considerable amount of results.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.11, <13.11.2affected
GitLabGitLab>=13.10, <13.10.4affected
GitLabGitLab>=13.2, <13.9.7affected

Weaknesses

  • Allocation of resources without limits or throttling in GitLab

ADP Enrichment

CVE Program Container

Additional References

References