CVE-2022-3411 - API Security Blog

Main / CVE-2022-3411

CVE-2022-3411

Discription

A lack of length validation in GitLab CE/EE affecting all versions from
12.4 before 15.6.7, 15.7 before 15.7.6, and 15.8 before 15.8.1 allows an
authenticated attacker to create a large Issue description via GraphQL
which, when repeatedly requested, saturates CPU usage.Read More

References

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3411 https://gitlab.com/gitlab-org/gitlab/-/issues/376247 https://hackerone.com/reports/1685995 https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3411.json https://nvd.nist.gov/vuln/detail/CVE-2022-3411 https://launchpad.net/bugs/cve/CVE-2022-3411 https://security-tracker.debian.org/tracker/CVE-2022-3411

Back to Main

Subscribe for the latest news: