### Vulnerability Summary

**Overview**

* **Vulnerability Type**: Denial of Service (DoS) / Infinite Recursion
* **Affected Component**: GitLab CI/CD Configuration Parser (YAML Parser)
* **Description**: When parsing `.gitlab-ci.yml` files, if the file contains a `!reference` tag pointing to itself (e.g., `!reference [ . ]`), the parser enters infinite recursion, exhausting system resources or crashing the service.

**Impact Scope**

* **Affected Files**: `lib/gitlab/ci/config/variable_source.rb`, `lib/gitlab/ci/config/variable.rb`
* **Trigger Condition**: Use of self-referencing `!reference` tags in GitLab CI configuration files.

**Fix Solution**

* **Core Logic**: Added checks during `!reference` tag parsing to detect and block self-references and circular references, preventing infinite recursion.
* **Code Changes**:
  * Modified the parsing logic in the `VariableSource` and `Variable` classes to validate the `reference` parameter.
  * Added test cases in `spec/lib/gitlab/ci/config/variable_source_spec.rb` for self-reference and circular reference scenarios, ensuring the fix is effective.

**POC / Exploit Code**

The test cases (Spec) in the screenshot include YAML configuration snippets that trigger the vulnerability:

```yaml
# Example YAML configuration triggering infinite recursion
foo: !reference [ . ]
# Or:
foo: !reference [ .foo ]
# Or (circular reference):
foo: !reference [ .bar ]
bar: !reference [ .foo ]
```
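The kind of check the fix describes can be sketched as a resolver that tracks the references currently being expanded and rejects any reference that reappears on that stack. This is an added example, not GitLab's code and not taken from the patch. Assumptions: the configuration is already parsed into nested hashes and arrays, `Ref` stands in for a parsed `!reference` tag, and `ReferenceResolver`, the error classes and `MAX_DEPTH` are hypothetical names.

```ruby
# Added illustration, not GitLab's code. Ref stands in for a parsed
# `!reference [a, b]` tag; every name here is hypothetical.
Ref = Struct.new(:path)
class CircularReferenceError < StandardError; end
class UnknownReferenceError < StandardError; end

class ReferenceResolver
  MAX_DEPTH = 10 # assumed nesting cap, a second line of defence

  def initialize(config)
    @config = config
  end

  # Returns a copy of the config with every Ref replaced by its target.
  def resolve_all
    expand(@config, [])
  end

  private

  # chain = reference paths currently being expanded (the active stack).
  def expand(node, chain)
    case node
    when Hash  then node.transform_values { |v| expand(v, chain) }
    when Array then node.map { |v| expand(v, chain) }
    when Ref   then follow(node.path, chain)
    else node
    end
  end

  def follow(path, chain)
    if chain.include?(path)
      cycle = chain.drop_while { |p| p != path } + [path]
      raise CircularReferenceError,
            "circular !reference: #{cycle.map { |p| p.join('.') }.join(' -> ')}"
    end
    raise CircularReferenceError, "!reference nested too deeply" if chain.size >= MAX_DEPTH

    target = path.reduce(@config) do |scope, key|
      unless scope.is_a?(Hash) && scope.key?(key)
        raise UnknownReferenceError, "unknown !reference target: #{path.join('.')}"
      end
      scope[key]
    end
    expand(target, chain + [path])
  end
end
```

Because the stack is passed down per branch rather than shared globally, two sibling keys that reference the same target are accepted; only a reference that leads back to itself is rejected.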