Allele Security Alert
ASA-2019-00216
Identifier(s)
ASA-2019-00216, CVE-2019-10113
Title
Denial of Service (DoS) potential on project languages page
Vendor(s)
GitLab
Product(s)
GitLab Community Edition (CE)
GitLab Enterprise Edition (EE)
Affected version(s)
GitLab CE/EE 11.2 and later
Fixed version(s)
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.9.4
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.8.6
GitLab Community Edition (CE) and GitLab Enterprise Edition (EE) 11.7.10
Proof of concept
unknown
Description
A potential denial of service (DoS) attack vector was discovered on the project languages endpoint.
Technical details
unknown
Credits
opalmer
Reference(s)
GitLab Security Release: 11.9.4, 11.8.6, and 11.7.10
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
CVE-2019-10113
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-10113
CVE-2019-10113
https://nvd.nist.gov/vuln/detail/CVE-2019-10113
If there is any error in this alert, or you would like a comprehensive analysis, let us know.
Last modified: April 23, 2019