CVE-2023-5963

Summary

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

Affected Software

VendorProductVersion RangeStatus
GitLabGitLab13.9 < 16.3.6affected
GitLabGitLab16.4.0 < 16.4.2affected
GitLabGitLab16.5.0 < 16.5.1affected

Weaknesses

  • CWE-770: CWE-770: Allocation of Resources Without Limits or Throttling

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References