CVE-2023-0921 Information

Description

A lack of length validation in GitLab CE/EE affecting all versions from 8.3 before 15.10.8 15.11 before 15.11.7 and 16.0 before 16.0.2 allows an authenticated attacker to create a large Issue description via GraphQL which when repeatedly requested saturates CPU usage.

Reference

https://gitlab.com/gitlab-org/cves/-/blob/master/2023/CVE-2023-0921.json https://hackerone.com/reports/1869839 https://gitlab.com/gitlab-org/gitlab/-/issues/392433