CVE-2021-39880

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-39880

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39880.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-39880

Aliases

Downstream

DEBIAN-CVE-2021-39880

UBUNTU-CVE-2021-39880

Published

2021-10-05T15:15:07.727Z

Modified

2026-02-11T13:54:46.557017Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollouploadserver middleware.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

e8824bdbcb70ab6210d3de565d52662d95c96978

Introduced

2f3536bdda88ae962d4f67ced68af6efd82254f1

Fixed

e8824bdbcb70ab6210d3de565d52662d95c96978

Introduced

38bbb40bb77dd3e0f0281c4363e2ef298e650c42

Fixed

406469ced21f30ac40efcd98dad975802db778e9

Introduced

e4567ef4362f4ef24a09112564b31dfe9044ea12

Fixed

467d2cb7fe4aef65b5d0845e3aac3fb6b2b866a4

Affected versions

v14.*

v14.1.0-ee

v14.1.1-ee

v14.1.2-ee

v14.1.3-ee

v14.2.0-ee

v14.2.1-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-39880.json"