Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Allocation of Resources Without Limits or Throttling in GitLab
Vulnerability Description
Denial of Service issue in GraphQL endpoints in Gitlab EE/CE affecting all versions from 11.10 prior to 18.2.7, 18.3 prior to 18.3.3, and 18.4 prior to 18.4.1 allows unauthenticated users to potentially bypass query complexity limits leading to resource exhaustion and service disruption.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Vulnerability Type
不加限制或调节的资源分配
Vulnerability Title
GitLab 安全漏洞
Vulnerability Description
GitLab是美国GitLab公司的一个开源的端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab EE和CE 11.10版本至18.2.7之前版本、18.3版本至18.3.3之前版本和18.4版本至18.4.1之前版本存在安全漏洞,该漏洞源于未经验证的用户可能绕过查询复杂度限制,可能导致资源耗尽和服务中断。
CVSS Information
N/A
Vulnerability Type
N/A