GitLab
cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*
- >= 18.9, < 18.9.2
A denial-of-service vulnerability has been identified in the GitLab Community Edition (CE) and Enterprise Edition (EE) GraphQL API, affecting all versions from 18.9 prior to 18.9.2. This vulnerability could have allowed an unauthenticated user to cause a denial-of-service condition by sending specially crafted GraphQL requests, leading to uncontrolled recursion under certain circumstances.
Exploitation of this vulnerability could have caused a denial-of-service condition, disrupting normal operations by causing the application to become unresponsive or unavailable.
GitLab has released patch versions 18.9.2, 18.8.6, and 18.7.6, which address this vulnerability. Instructions for updating GitLab can be found on the GitLab Update page.
Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.