CVE-2023-4522
MEDIUM
GitLab < 16.2.0 - Denial of Service via Directory Names with LF Characters
Title source: llm
Description
An issue has been discovered in GitLab affecting all versions before 16.2.0. Committing directories containing an LF character results in 500 errors when viewing the commit.
References (3)
Core References
Mailing List, Third Party Advisory
https://lists.fedoraproject.org/archives/list/[email protected]/message/SJ42V7O7F4OU6R7QSQQECLB6LDHKZIMQ/
Permissions Required (technical-description, exploit, permissions-required)
https://hackerone.com/reports/1937213
Exploit (issue-tracking, permissions-required)
https://gitlab.com/gitlab-org/gitlab/-/issues/406817
Scores
CVSS v3: 4.3
EPSS: 0.0094
EPSS Percentile: 56.0%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Details
CWE: CWE-1287
Status: published
Products (2)
gitlab/gitlab < 16.2.0
GitLab/GitLab < 16.2.0
Published: Aug 30, 2023
Tracked Since: Feb 18, 2026