CVE-2022-4131

MEDIUM Year: 2022
CVSS v3 Score
5.3
Medium
Weakness Type
CWE-1333
View all →

Vulnerability Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.8 before 15.5.7, all versions starting from 15.6 before 15.6.4, all versions starting from 15.7 before 15.7.2. An attacker may cause Denial of Service on a GitLab instance by exploiting a regex issue in how the application parses user agents.

Related Vulnerabilities

CVE-2017-20162

MEDIUM
CVSS:5.3(Medium)

A vulnerability, which was classified as problematic, has been found in vercel ms up to 1.x. This issue affects the function parse of the file index.js. The manipulation of the argument str leads to i...

CWE-13332017

CVE-2021-23362

MEDIUM
CVSS:5.3(Medium)

The package hosted-git-info before 3.0.8 are vulnerable to Regular Expression Denial of Service (ReDoS) via regular expression shortcutMatch in the fromUrl function in index.js. The affected regular e...

CWE-13332021

CVE-2021-23364

MEDIUM
CVSS:5.3(Medium)

The package browserslist from 4.0.0 and before 4.16.5 are vulnerable to Regular Expression Denial of Service (ReDoS) during parsing of queries.

CWE-13332021

CVE-2021-3765

MEDIUM
CVSS:5.3(Medium)

validator.js is vulnerable to Inefficient Regular Expression Complexity

CWE-13332021

CVE-2021-3820

MEDIUM
CVSS:5.3(Medium)

inflect is vulnerable to Inefficient Regular Expression Complexity

CWE-13332021

CVE-2021-3822

MEDIUM
CVSS:5.3(Medium)

jsoneditor is vulnerable to Inefficient Regular Expression Complexity

CWE-13332021