An issue has been discovered in GitLab EE affecting all versions starting from 10.5 before 16.4.3, all versions starting from 16.5 before 16.5.3, and all versions starting from 16.6 before 16.6.1. It was possible for an attacker to cause a client-side denial of service using maliciously crafted Mermaid diagram input.
References
Link | Resource |
---|---|
https://gitlab.com/gitlab-org/gitlab/-/issues/424882 | Broken Link Vendor Advisory |
https://hackerone.com/reports/2137421 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitLab
Published: 2023-12-01T07:01:48.155Z
Updated: 2023-12-05T11:58:33.499Z
Reserved: 2023-09-12T13:30:21.852Z
Link: CVE-2023-4912
NVD Information
Status: Analyzed
Published: 2023-12-01T07:15:11.387
Modified: 2023-12-06T19:50:26.767
Link: CVE-2023-4912
Redhat Information
No data.