GitLab CE/EE Denial-of-Service Vulnerability via Malicious GitHub Import Requests

Vulnerability

A denial-of-service vulnerability has been identified in GitLab Community Edition (CE) and Enterprise Edition (EE) versions 17.1 prior to 17.9.8, 17.10 prior to 17.10.6, and 17.11 prior to 17.11.2. The issue arises from the handling of GitHub import requests, where a maliciously crafted payload could be used to create a DoS condition.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing the application to become unresponsive or unavailable.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

2.5

exploitability

5.2

remediation

0.0

relevance

0.0

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Denial-of-Service Vulnerability via Malicious GitHub Import Requests

Vulnerability

Impact

Affected Products

GitLab CE

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating