CVE-2024-4025
BaseFortify
Publication date: 2025-06-20
Last updated on: 2025-08-12
Assigner: GitLab Inc.
Description
A Denial of Service (DoS) condition has been discovered in GitLab CE/EE affecting all versions from 7.10 before 16.11.5, 17.0 before 17.0.3, and 17.1 before 17.1.1. An attacker can cause a denial of service by submitting a crafted markdown page.
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gitlab | gitlab | From 7.10.0 (inc) to 16.11.5 (exc) |
| gitlab | gitlab | From 17.0.0 (inc) to 17.0.3 (exc) |
| gitlab | gitlab | 17.1.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-1333 | The product uses a regular expression with an inefficient, possibly exponential worst-case computational complexity that consumes excessive CPU cycles. |
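The page does not publish the regular expression behind this CVE, so the following is an added illustration of the CWE-1333 shape it names, not GitLab's own code. The patterns, the `find_emphasis` helper, the 64 KiB input cap and the sample markdown are all assumptions chosen to show the mechanism: a nested quantifier that can split a run of word characters in exponentially many ways, beside an unambiguous rewrite that matches the same text in linear time.

```python
import re
import time

# Hypothetical "emphasis" matcher (assumption, not GitLab's regex). The group
# (\w+\s*)+ can partition a run of n word characters in 2^(n-1) ways, because
# \s* may match nothing. When the closing '*' is missing the engine tries every
# partition before reporting failure, which is the CWE-1333 behaviour.
UNSAFE_EMPHASIS = re.compile(r"\*(\w+\s*)+\*")

# Hardened form accepting exactly the same strings: each \w+ must be followed by
# whitespace or the closing '*', so there is only one way to consume each word and
# a failed match costs O(n) instead of O(2^n).
SAFE_EMPHASIS = re.compile(r"\*\w+(?:\s+\w+)*\s*\*")

# Assumed size limit applied before any regex runs; a second line of defence that
# bounds the work even if a pattern turns out to be ambiguous.
MAX_MARKDOWN_BYTES = 64 * 1024


def find_emphasis(pattern, text):
    """Return every emphasis span matched by `pattern`, or None for oversized input."""
    if len(text.encode("utf-8")) > MAX_MARKDOWN_BYTES:
        return None
    return [m.group(0) for m in pattern.finditer(text)]


def adversarial_markdown(n):
    """Constructed attacker input: an opening '*', n word characters, no closing '*'."""
    return "*" + "a" * n + "!"


def seconds_to_fail(pattern, text):
    """Wall-clock time for one failed search; used to show exponential growth."""
    start = time.perf_counter()
    pattern.search(text)
    return time.perf_counter() - start


if __name__ == "__main__":
    benign = "*hello world* and *x*"
    print("unsafe:", find_emphasis(UNSAFE_EMPHASIS, benign))
    print("safe:  ", find_emphasis(SAFE_EMPHASIS, benign))
    # Doubling n roughly doubles the time for the unsafe pattern; the safe one
    # stays flat. Keep n small: the unsafe pattern is exponential by design.
    for n in (12, 14, 16, 18):
        bad = adversarial_markdown(n)
        print(f"n={n:2d} unsafe={seconds_to_fail(UNSAFE_EMPHASIS, bad):.4f}s "
              f"safe={seconds_to_fail(SAFE_EMPHASIS, bad):.6f}s")
```

Running the script shows the unsafe timing roughly doubling for every extra character while the hardened pattern stays constant; a markdown renderer that accepts user content needs both the unambiguous pattern and the input cap, since the cap alone only slows the attack down.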
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Denial of Service (DoS) condition in GitLab CE/EE that affects multiple versions. An attacker can exploit it by using a specially crafted markdown page to cause the service to become unavailable.
How can this vulnerability impact me?
The impact of this vulnerability is that an attacker can cause a denial of service, making the GitLab service unavailable or unresponsive, which can disrupt development workflows and access to repositories.