Primary

Context

GitLab CE/EE Denial-of-Service Vulnerability in Branch Search

Vulnerability

Patched

A denial-of-service vulnerability has been identified in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 15.7 prior to 16.9.7, 16.10 prior to 16.10.5, and 16.11 prior to 16.11.2. The issue arises from the branch search functionality, where an attacker could cause a denial-of-service by using unusual search terms for branch names.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Remediation

Users are advised to upgrade to GitLab versions 16.11.2, 16.10.5, or 16.9.7, all of which include the necessary patch. Instructions for updating GitLab can be found on the GitLab update page.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.0

threat

0.1

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Denial-of-Service Vulnerability in Branch Search

Vulnerability

Impact

Remediation

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating