CVE-2021-39932
MEDIUMGitLab 11.0-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Denial of Service via Diff Feature
Title source: llmDescription
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.0 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. Using large payloads, the diff feature could be used to trigger high load time for users reviewing code changes.
References (2)
Core 2
Core References
Broken Link x_refsource_misc
https://gitlab.com/gitlab-org/gitlab/-/issues/217360
Third Party Advisory x_refsource_confirm
https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39932.json
Scores
CVSS v3
4.3
EPSS
0.0086
EPSS Percentile
53.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE
CWE-20
Status
published
Products (1)
gitlab/gitlab
11.0.0 - 14.3.6 (2 CPE variants)
Published
Dec 13, 2021
Tracked Since
Feb 18, 2026