DEBIAN-CVE-2021-39880

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2021-39880

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2021-39880.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2021-39880

Upstream

CVE-2021-39880

Published

2021-10-05T15:15:07Z

Modified

2025-09-19T06:11:12Z

Summary

[none]

Details

A Denial Of Service vulnerability in the apollouploadserver Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollouploadserver middleware.

References

https://security-tracker.debian.org/tracker/CVE-2021-39880

Affected packages

Debian:12 / ruby-apollo-upload-server

Package

Name: ruby-apollo-upload-server
Purl: pkg:deb/debian/ruby-apollo-upload-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ruby-apollo-upload-server

Package

Name: ruby-apollo-upload-server
Purl: pkg:deb/debian/ruby-apollo-upload-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / ruby-apollo-upload-server

Package

Name: ruby-apollo-upload-server
Purl: pkg:deb/debian/ruby-apollo-upload-server?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.1.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}