Uncontrolled CPU Consumption Vulnerability in GitLab CE/EE Could Lead to Denial of Service
CVE-2024-9367

Currently unrated

Key Information:

Vendor: GitLab
Vendor: CVE Published:; 12 December 2024

Summary

A vulnerability has been identified in GitLab CE/EE that affects versions 13.9 through to 17.4.6, 17.5 prior to 17.5.4, and 17.6 before 17.6.2. This vulnerability allows attackers to exploit the template parsing functionality, leading to uncontrolled CPU consumption. As a result, this may trigger a Denial of Service condition, severely impacting the availability of the service. Administrators are advised to review their systems for these specific versions and implement necessary updates or mitigations to prevent exploitation.

References

https://gitlab.com/gitlab-org/gitlab/-/issues/496631

https://hackerone.com/reports/2735311

Timeline

Vulnerability published
Dec 12, 2024