Catastrophic Backtracking Vulnerability in GitLab EE Advanced Search

Catastrophic Backtracking Vulnerability in GitLab EE Advanced Search

CVE-2020-13349 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

An issue has been discovered in GitLab EE affecting all versions starting from 8.12. A regular expression related to a file path resulted in the Advanced Search feature susceptible to catastrophic backtracking. Affected versions are >=8.12, <13.3.9,>=13.4, <13.4.5,>=13.5, <13.5.2.

Learn more about our Web Application Penetration Testing UK.