CVE-2023-6386

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-6386

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-6386.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2023-6386

Aliases

BIT-gitlab-2023-6386

Downstream

UBUNTU-CVE-2023-6386

Published

2025-02-05T10:15:22Z

Modified

2025-08-11T01:33:34Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A denial of service vulnerability was identified in GitLab CE/EE, affecting all versions from 15.11 prior to 16.6.7, 16.7 prior to 16.7.5 and 16.8 prior to 16.8.2 which allows an attacker to spike the GitLab instance resource usage resulting in service degradation.

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type: GIT
Repo: https://gitlab.com/gitlab-org/gitlab
Events: Introduced

4dce6bc3728f63bc9086ff3088cda7527f6f0bec

Fixed

df35a584380b571e113908bcd4d13e28a002aa09