CVE: Common Vulnerabilities and Exposures

Required CVE Record Information

Description

An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.

CVSS 1 Total

Learn more

Score	Severity	Version	Vector String
4.3	MEDIUM	3.1	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Product Status

Learn more

Versions 3 Total

Default Status: unknown

affected

Credits

This vulnerability has been discovered internally by the GitLab team

References 2 Total

https://gitlab.com/gitlab-org/gitlab/-/issues/270199
external site
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26414.json
external site

Updated: 2024-08-04

This container includes required additional information provided by the CVE Program for this vulnerability.

References 2 Total

https://gitlab.com/gitlab-org/gitlab/-/issues/270199
external site
x_transferred
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26414.json
external site
x_transferred

Common vulnerabilities and Exposures (CVE)

Required CVE Record Information

CNA: GitLab Inc.

Description

CVSS 1 Total

Product Status

Credits

References 2 Total

CVE Program

References 2 Total