cryptopone

2 exploits Active since Oct 2022
CVE-2022-2592 WRITEUP MEDIUM WRITEUP
GitLab < 15.1.6, 15.2 < 15.2.4, 15.3 < 15.3.2 - Authenticated Denial of Service via Snippet Description Length
A lack of length validation in Snippet descriptions in GitLab CE/EE affecting all versions prior to 15.1.6, 15.2 prior to 15.2.4 and 15.3 prior to 15.3.2 allows an authenticated attacker to create a maliciously large Snippet which when requested with or without authentication places excessive load on the server, potential leading to Denial of Service.
CVSS 6.5
CVE-2022-3411 WRITEUP MEDIUM WRITEUP
GitLab 12.4-15.6.6, 15.7-15.7.5, 15.8-15.8.0 - Authenticated Denial of Service via Large Issue Description
A lack of length validation in GitLab CE/EE affecting all versions from 12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an authenticated attacker to create a large Issue description via GraphQL which, when repeatedly requested, saturates CPU usage.
CVSS 6.5