Design/Logic Flaw

2021-02-1712:15:00

PRIOn knowledge base

www.prio-n.com

0.001 Low

EPSS

Percentile

30.1%

JSON

Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to a heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.

CPENameOperatorVersion
gerritge3.3.0
gerritlt3.3.2
gerritge3.2.0
gerritlt3.2.7
gerritge3.1.0
gerritlt3.1.12
gerritge3.0.0
gerritlt3.0.16
gerritge2.16.0
gerritlt2.16.26