Lucene search

PRIOn knowledge basePRION:CVE-2023-5963

HistoryNov 06, 2023 - 1:15 p.m.

Design/Logic Flaw

2023-11-0613:15:00

PRIOn knowledge base

www.prio-n.com

gitlab

advanced search

denial of service

syntax operators

vulnerability

6.7 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

13.5%

JSON

An issue has been discovered in GitLab EE with Advanced Search affecting all versions from 13.9 to 16.3.6, 16.4 prior to 16.4.2 and 16.5 prior to 16.5.1 that could allow a denial of service in the Advanced Search function by chaining too many syntax operators.

CPENameOperatorVersion
gitlabge16.4.0
gitlablt16.4.2
gitlabeq16.5.0
gitlabge13.9.0
gitlable16.3.6

Name	Operator	Version
gitlab	ge	16.4.0
gitlab	lt	16.4.2
gitlab	eq	16.5.0
gitlab	ge	13.9.0
gitlab	le	16.3.6

References

gitlab.com/gitlab-org/gitlab/-/issues/423468