CVE-2024-8233

An issue has been discovered in GitLab CE/EE affecting all versions from 9.4 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2. An attacker could cause a denial of service with requests for diff files on a commit or merge request.

Database specific

{
    "cna_assigner": "GitLab",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8233.json",
    "cwe_ids": [
        "CWE-407"
    ]
}

References

Affected packages

Git / gitlab.com/gitlab-org/gitlab

Affected ranges

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

1cfb4f1bd87be2a38c61dbe78f10c351449ab8b4

Fixed

25a55583bbcf724ad625848d48a529467e7c7097

Database specific

{
    "versions": [
        {
            "introduced": "9.4"
        },
        {
            "fixed": "17.4.6"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

173959793c1163052d16c2158773ea9504aa712e

Fixed

0397324ed14bb7f0ede422841d713fd22349302f

Database specific

{
    "versions": [
        {
            "introduced": "17.5"
        },
        {
            "fixed": "17.5.4"
        }
    ]
}

Type

GIT

Repo

https://gitlab.com/gitlab-org/gitlab

Events

Introduced

a8830741d3c4ad7f6a70eed38ee7af31f298d093

Fixed

6ff444aad3a327c384b0859be326d042dde090ee

Database specific

{
    "versions": [
        {
            "introduced": "17.6"
        },
        {
            "fixed": "17.6.2"
        }
    ]
}

Affected versions

v17.*

v17.5.0-ee

v17.5.1-ee

v17.5.2-ee

v17.5.3-ee

v17.6.0-ee

v17.6.1-ee

v17.6.2-rc30-ee

v17.6.2-rc31-ee

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-8233.json"