CVE Details
Basic Information
| Title | Allocation of Resources Without Limits or Throttling in GitLab |
|---|---|
| Type | cve |
| Published | 2025-06-12T10:02:15.206Z |
| Last Seen | |
Product Information
| Vendor | GitLab |
|---|---|
| Product | GitLab |
| Version | 2.10 |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Vector String | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | High |
AI Analysis
| AI Description | A vulnerability in GitLab CE/EE allows an authenticated user to cause denial of service by exploiting a lack of input validation in HTTP responses. This affects versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. |
|---|---|
| AI Severity | Medium |
| Vendor | GitLab Inc. |
| Product | GitLab |
| Affected Version | 2.1.0 to 17.10.7, 17.11.0 to 17.11.3, 18.0.0 to 18.0.1 |
Affected Products
- GitLab GitLab 2.10
- GitLab GitLab 17.11
- GitLab GitLab 18.0
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-770 |
| Bulletin Family | |
Description
An issue has been discovered in GitLab CE/EE affecting all versions from 2.1.0 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. A lack of input validation in HTTP responses could allow an authenticated user to cause denial of service.