Page 14 of 585 results (0.010 seconds)

CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 8.7 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A Regular Expression Denial of Service was possible via sending crafted payloads to the preview_markdown endpoint. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2198.json https://gitlab.com/gitlab-org/gitlab/-/issues/408273 https://hackerone.com/reports/1947187 • CWE-1333: Inefficient Regular Expression Complexity •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. An attacker was able to spoof protected tags, which could potentially lead a victim to download malicious code. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2001.json https://gitlab.com/gitlab-org/gitlab/-/issues/406764 https://hackerone.com/reports/1908423 •

CVSS: 4.3EPSS: 0%CPEs: 6EXPL: 0

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8, 15.11 before 15.11.7, and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json https://gitlab.com/gitlab-org/gitlab/-/issues/392433 https://hackerone.com/reports/1869839 • CWE-400: Uncontrolled Resource Consumption CWE-770: Allocation of Resources Without Limits or Throttling •

CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab affecting all versions before 15.9.8, 15.10.0 before 15.10.7, and 15.11.0 before 15.11.3. A malicious developer could use a git feature called refs/replace to smuggle content into a merge request which would not be visible during review in the UI. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-2181.json https://gitlab.com/gitlab-org/gitlab/-/issues/407859 https://hackerone.com/reports/1938185 •

CVSS: 4.3EPSS: 0%CPEs: 3EXPL: 0

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.1 before 15.10.8, all versions starting from 15.11 before 15.11.7, all versions starting from 16.0 before 16.0.2. A user could use an unverified email as a public email and commit email by sending a specifically crafted request on user update settings. • https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-1204.json https://gitlab.com/gitlab-org/gitlab/-/issues/394745 https://hackerone.com/reports/1881598 •