Exponential Backtracking DOS Vulnerability in GitLab CE/EE (Versions 12.6 - 13.3.9)

Exponential Backtracking DOS Vulnerability in GitLab CE/EE (Versions 12.6 - 13.3.9)

CVE-2020-13354 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

A potential DOS vulnerability was discovered in GitLab CE/EE starting with version 12.6. The container registry name check could cause exponential number of backtracks for certain user supplied values resulting in high CPU usage. Affected versions are: >=12.6, <13.3.9.

Learn more about our User Device Pen Test.