vulnerability

Gitlab Gitlab: CVE-2024-1493: Inefficient Regular Expression Complexity

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
7	(AV:N/AC:L/Au:S/C:N/I:N/A:C)	2024-06-26	2025-04-22	2025-04-22

Severity

CVSS

(AV:N/AC:L/Au:S/C:N/I:N/A:C)

Published

2024-06-26

Added

2025-04-22

Modified

2025-04-22

Description

An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the server

Solution

gitlab-gitlab-cve-2024-1493-solution

References

CVE-2024-1493
https://attackerkb.com/topics/CVE-2024-1493
URL-https://gitlab.com/gitlab-org/gitlab/-/issues/441806
URL-https://hackerone.com/reports/2370084

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today