Denial of Service Vulnerability in GitLab CE/EE
CVE-2024-8973

7.5HIGH

Key Information:

Vendor: Gitlab
Status: Gitlab
Vendor: CVE Published:; 9 May 2025

What is CVE-2024-8973?

A vulnerability has been identified in GitLab CE/EE that allows an attacker to create a denial of service (DoS) condition through crafted GitHub import requests. This issue affects various versions of GitLab, specifically those from 17.1 to 17.9.7, 17.10 to 17.10.5, and 17.11 to 17.11.1. Attackers can exploit this vulnerability by sending specially designed payloads, which may overwhelm the system's capabilities, leading to service interruptions.

Affected Version(s)

GitLab 17.1 < 17.9.8

GitLab 17.10 < 17.10.6

GitLab 17.11 < 17.11.2

References

https://gitlab.com/gitlab-org/gitlab/-/issues/491041

issue-trackingpermissions-required

https://hackerone.com/reports/2711684

technical-descriptionexploitpermissions-required

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 9, 2025
Vulnerability Reserved
Sep 18, 2024

Credit

Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program

Gitlab

What is CVE-2024-8973?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit