CVE-2024-7610

MEDIUM

Gitlab < 17.0.6 - Denial of Service

Title source: rule

Description

A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions starting with 15.9 before 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2. It is possible for an attacker to cause catastrophic backtracking while parsing results from Elasticsearch.

References (1)

[Broken Link] https://gitlab.com/gitlab-org/gitlab/-/issues/468917

Scores

CVSS v3 4.3

EPSS 0.0025

EPSS Percentile 48.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Classification

CWE

CWE-400

Status published

Affected Products (2)

gitlab/gitlab < 17.0.6

Timeline

Published Aug 08, 2024

Tracked Since Feb 18, 2026