GitLab CE/EE Performance Degradation Vulnerability in String Conversion Methods

Vulnerability

A performance degradation vulnerability has been identified in GitLab CE/EE versions 17.4 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1. The issue arises in certain string conversion methods, which exhibit reduced performance when handling large inputs.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing performance issues that can degrade the user experience or disrupt normal operations.

Added: Sep 26, 2025, 10:32 AM

Updated: Sep 26, 2025, 2:49 PM

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.3

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

GitLab CE/EE Performance Degradation Vulnerability in String Conversion Methods

Vulnerability

Impact

Affected Products

GitLab

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating