CVE-2023-6489

MEDIUM Year: 2023
CVSS v3 Score
6.5
Medium
Weakness Type
CWE-1333
View all →

Vulnerability Description

A denial of service vulnerability was identified in GitLab CE/EE, versions 16.7.7 prior to 16.8.6, 16.9 prior to 16.9.4 and 16.10 prior to 16.10.2 which allows an attacker to spike the GitLab instance resources usage resulting in service degradation via chat integration feature.

Related Vulnerabilities

CVE-2019-16215

MEDIUM
CVSS:6.5(Medium)

The Markdown parser in Zulip server before 2.0.5 used a regular expression vulnerable to exponential backtracking. A user who is logged into the server could send a crafted message causing the server ...

CWE-13332019

CVE-2021-25292

MEDIUM
CVSS:6.5(Medium)

An issue was discovered in Pillow before 8.1.1. The PDF parser allows a regular expression DoS (ReDoS) attack via a crafted PDF file because of a catastrophic backtracking regex.

CWE-13332021

CVE-2021-39933

MEDIUM
CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A r...

CWE-13332021

CVE-2021-39940

MEDIUM
CVSS:6.5(Medium)

An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.2 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. GitL...

CWE-13332021

CVE-2021-4437

MEDIUM
CVSS:6.5(Medium)

A vulnerability, which was classified as problematic, has been found in dbartholomae lambda-middleware frameguard up to 1.0.4. Affected by this issue is some unknown functionality of the file packages...

CWE-13332021

CVE-2021-46823

MEDIUM
CVSS:6.5(Medium)

python-ldap before 3.4.0 is vulnerable to a denial of service when ldap.schema is used for untrusted schema definitions, because of a regular expression denial of service (ReDoS) flaw in the LDAP sche...

CWE-13332021