CVE-2021-39940

Summary

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitLab Maven Package registry is vulnerable to a regular expression denial of service when a specifically crafted string is sent.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=14.5, <14.5.2affected
GitLabGitLab>=14.4, <14.4.4affected
GitLabGitLab>=13.2, <14.3.6affected

Weaknesses

  • Uncontrolled resource consumption in GitLab

ADP Enrichment

CVE Program Container

Additional References

References