CVE-2022-1510

HIGH Year: 2022
CVSS v3 Score
7.5
High
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-1333
View all →

Vulnerability Description

An issue has been discovered in GitLab affecting all versions starting from 13.9 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious text in the CI Editor and CI Pipeline details page allowing the attacker to cause uncontrolled resource consumption.

Related Vulnerabilities

CVE-2015-10005

HIGH
CVSS:7.5(High)

A vulnerability was found in markdown-it up to 2.x. It has been classified as problematic. Affected is an unknown function of the file lib/common/html_re.js. The manipulation leads to inefficient regu...

CWE-13332015

CVE-2015-8315

HIGH
CVSS:7.5(High)

The ms package before 0.7.1 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)."

CWE-13332015

CVE-2015-8854

HIGH
CVSS:7.5(High)

The marked package before 0.3.4 for Node.js allows attackers to cause a denial of service (CPU consumption) via unspecified vectors that trigger a "catastrophic backtracking issue for the em inline ru...

CWE-13332015

CVE-2017-20165

HIGH
CVSS:7.5(High)

A vulnerability classified as problematic has been found in debug-js debug up to 3.0.x. This affects the function useColors of the file src/node.js. The manipulation of the argument str leads to ineff...

CWE-13332017

CVE-2018-25049

HIGH
CVSS:7.5(High)

A vulnerability was found in email-existence. It has been rated as problematic. Affected by this issue is some unknown functionality of the file index.js. The manipulation leads to inefficient regular...

CWE-13332018

CVE-2018-25061

HIGH
CVSS:7.5(High)

A vulnerability was found in rgb2hex up to 0.1.5. It has been rated as problematic. This issue affects some unknown processing. The manipulation leads to inefficient regular expression complexity. The...

CWE-13332018