CNNVD-202602-2003 Information
CNNVD ID
CNNVD-202602-2003
Related CVE
- CNNVD Published: 2026-02-11
Description (Chinese)
GitLab是美国GitLab公司的一个端到端软件开发平台,具有内置的版本控制、问题跟踪、代码审查、CI/CD(持续集成和持续交付)等功能。 GitLab CE/EE 18.6.6之前版本、18.7.4之前版本和18.8.4之前版本存在安全漏洞,该漏洞源于绕过JSON验证中间件限制,可能导致未经身份验证的用户通过内存或CPU耗尽造成拒绝服务。
Description (English)
GitLab is an end-to-end software development platform for the United States company GitLab with built-in version control, problem tracking, code review, CI/CD (continuous integration and continuous delivery). There is a security loophole in previous versions of GitLab CE/EE 18.6.6.6, 18.7.4 and 18.8.4 resulting from the circumvention of the JSON authentication intermediate limit, which may lead to the denial of services by uncertified users through memory or CPU depletion.
Vulnerability Type
其他
Affected Vendor
GitLab
Published
2026-02-11
Last Modified
2026-02-24
References
https://hackerone.com/reports/3463363 https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/ https://gitlab.com/gitlab-org/gitlab/-/issues/586202 https://access.redhat.com/security/cve/cve-2026-0958
Patch
https://about.gitlab.com/releases/2026/02/10/patch-release-gitlab-18-8-4-released/
Share on: