Headline
CVE-2021-22218: 2021/CVE-2021-22218.json · master · GitLab.org / cves · GitLab
All versions of GitLab CE/EE starting from 12.8 before 13.10.5, all versions starting from 13.11 before 13.11.5, and all versions starting from 13.12 before 13.12.2 were affected by an issue in the handling of x509 certificates that could be used to spoof author of signed commits.
🤖 GitLab Bot 🤖 authored May 11, 2022
Related news
CVE-2021-32823: GitLab Security Release: 13.12.2, 13.11.5, and 13.10.5
In the bindata RubyGem before version 2.4.10 there is a potential denial-of-service vulnerability. In affected versions it is very slow for certain classes in BinData to be created. For example BinData::Bit100000, BinData::Bit100001, BinData::Bit100002, BinData::Bit<N>. In combination with <user_input>.constantize there is a potential for a CPU-based DoS. In version 2.4.10 bindata improved the creation time of Bits and Integers.