CVE-2021-22166 log
| Source |
|
| Severity | Medium |
| Remote | Yes |
| Type | Denial of service |
| Description | An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. The issue is mitigated in GitLab version 13.7.2. |
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1416 | gitlab | 13.7.1-1 | 13.7.2-1 | High | Fixed |
| Date | Advisory | Group | Package | Severity | Type |
|---|---|---|---|---|---|
| 12 Jan 2021 | ASA-202101-10 | AVG-1416 | gitlab | High | multiple issues |
| References |
|---|
https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/#prometheus-denial-of-service-via-http-request-with-custom-method |