Home

Description

An issue has been discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. It was possible to cause a DoS condition via GitHub import requests using a malicious crafted payload.

PUBLISHED Reserved 2024-09-18 | Published 2025-05-09 | Updated 2025-05-09 | Assigner GitLab




MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status
unaffected

17.1 before 17.9.8
affected

17.10 before 17.10.6
affected

17.11 before 17.11.2
affected

Credits

Thanks [a92847865](https://hackerone.com/a92847865) for reporting this vulnerability through our HackerOne bug bounty program finder

References

gitlab.com/gitlab-org/gitlab/-/issues/491041 (GitLab Issue #491041) issue-tracking permissions-required

hackerone.com/reports/2711684 (HackerOne Bug Bounty Report #2711684) technical-description exploit permissions-required

cve.org (CVE-2024-8973)

nvd.nist.gov (CVE-2024-8973)

Download JSON