An issue in GitLab CE/EE allows Regular Expression DoS via crafted payloads
Reporter | Title | Published | Views | Family All 13 |
---|---|---|---|---|
Cvelist | CVE-2023-3994 Inefficient Regular Expression Complexity in GitLab | 2 Aug 202300:06 | – | cvelist |
RedhatCVE | CVE-2023-3994 | 22 Aug 202317:49 | – | redhatcve |
OSV | BIT-gitlab-2023-3994 | 6 Mar 202411:00 | – | osv |
OSV | CVE-2023-3994 | 2 Aug 202301:15 | – | osv |
UbuntuCve | CVE-2023-3994 | 2 Aug 202300:00 | – | ubuntucve |
Vulnrichment | CVE-2023-3994 Inefficient Regular Expression Complexity in GitLab | 2 Aug 202300:06 | – | vulnrichment |
NVD | CVE-2023-3994 | 2 Aug 202301:15 | – | nvd |
Prion | Design/Logic Flaw | 2 Aug 202301:15 | – | prion |
Veracode | Regular Expression Denial Of Service (ReDoS) | 8 Oct 202317:52 | – | veracode |
Tenable Nessus | GitLab 9.3 < 16.0.8 / 16.1 < 16.1.3 / 16.2 < 16.2.2 (CVE-2023-3994) | 1 Aug 202300:00 | – | nessus |
[
{
"cpes": [
"cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "GitLab",
"repo": "git://[email protected]:gitlab-org/gitlab.git",
"vendor": "GitLab",
"versions": [
{
"lessThan": "16.0.8",
"status": "affected",
"version": "9.3",
"versionType": "semver"
},
{
"lessThan": "16.1.3",
"status": "affected",
"version": "16.1",
"versionType": "semver"
},
{
"lessThan": "16.2.2",
"status": "affected",
"version": "16.2",
"versionType": "semver"
}
]
}
]
Source | Link |
---|---|
hackerone | www.hackerone.com/reports/1963255 |
gitlab | www.gitlab.com/gitlab-org/gitlab/-/issues/416225 |
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo