CVE-2022-1100

Summary

A potential DOS vulnerability was discovered in GitLab CE/EE affecting all versions from 13.1 prior to 14.7.7, 14.8.0 prior to 14.8.5, and 14.9.0 prior to 14.9.2. The api to update an asset as a link from a release had a regex check which caused exponential number of backtracks for certain user supplied values resulting in high CPU usage.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab>=13.1, <14.7.7affected
GitLabGitLab>=14.8, <14.8.5affected
GitLabGitLab>=14.9, <14.9.2affected

Weaknesses

  • Improper input validation in GitLab

ADP Enrichment

CVE Program Container

Additional References

References