Main Vulnerability Database Vulnerabilities #VU30455

Input validation error in Gitlab Community Edition - CVE-2019-19313

Published: January 5, 2020 / Updated: July 17, 2020

Vulnerability identifier: #VU30455

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2019-19313

CWE-ID: CWE-20

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: GitLab, Inc

Affected software:
Gitlab Community Edition

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

GitLab EE 12.3 through 12.5, 12.4.3, and 12.3.6 allows Denial of Service. Certain characters were making it impossible to create, edit, or view issues and commits.

How to mitigate CVE-2019-19313

Install update from vendor's website.

Sources

https://about.gitlab.com/blog/2019/11/27/security-release-gitlab-12-5-1-released/
https://about.gitlab.com/blog/categories/releases/
https://gitlab.com/gitlab-org/gitlab/issues/14947

Input validation error in Gitlab Community Edition - CVE-2019-19313

Detailed vulnerability description

How to mitigate CVE-2019-19313

Sources

Please verify you're human