---

CVE-2020-26414 - log back

CVE-2020-26414 edited at 07 Jan 2021 21:29:18
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string. The issue is mitigated in GitLab version 13.7.2, 13.6.4, and 13.5.6.
References	+ https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/#regular-expression-denial-of-service-in-package-uploads
Notes

CVE-2020-26414 created at 07 Jan 2021 21:27:01