Denial of Service Vulnerability in GitLab RefMatcher Affects All Prior Versions
CVE-2024-2800
Key Information:
Badges
What is CVE-2024-2800?
The vulnerability in GitLab's RefMatcher arises from a ReDoS flaw when matching branch names with wildcards. This issue affects multiple versions of GitLab EE and CE, enabling potential denial of service attacks due to excessive Regex backtracking. Attackers could exploit this vulnerability to degrade performance or cause service disruptions, thereby impacting users' ability to manage version control effectively. Organizations using affected versions must prioritize addressing this flaw to maintain system integrity and protect against service interruptions.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
GitLab 11.3 < 17.0.6
GitLab 17.1 < 17.1.4
GitLab 17.2 < 17.2.2
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.
References
CVSS V3.1
Timeline
- ๐ก
Public PoC available
- ๐พ
Exploit known to exist
Vulnerability published
Vulnerability Reserved