|Type||Denial of service|
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string. The issue is mitigated in GitLab version 13.7.2, 13.6.4, and 13.5.6.
|12 Jan 2021||ASA-202101-10||AVG-1416||gitlab||High||multiple issues|