CVE-2024-12379
Allocation of Resources Without Limits or Throttling in GitLab
6.5
MEDIUM
CVSS 3.1
EPSS 0.06%
Description
A denial of service vulnerability in GitLab CE/EE affecting all versions from 14.1 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to impact the availability of GitLab via unbounded symbol creation via the scopes parameter in a Personal Access Token.
How to fix CVE-2024-12379
To remediate CVE-2024-12379, upgrade the affected package to a fixed version below.
- upgrade to 17.8.2 or later
Is CVE-2024-12379 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 14.1.0, < 17.8.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM (6.5) | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H |