An issue has been discovered in GitLab CE/EE affecting all versions starting from 12.9 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. A regular expression related to quick actions features was susceptible to catastrophic backtracking that could cause a DOS attack.
The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gitlab | Gitlab | 12.9.0 (including) | 14.3.6 (excluding) |
| Gitlab | Gitlab | 14.4.0 (including) | 14.4.4 (excluding) |
| Gitlab | Gitlab | 14.5.0 (including) | 14.5.2 (excluding) |
| Gitlab | Ubuntu | esm-apps/xenial | * |
| Gitlab | Ubuntu | trusty | * |
| Gitlab | Ubuntu | xenial | * |
This Pillar covers several possibilities: