---

CVE-2021-22166 - log back

CVE-2021-22166 edited at 08 Jan 2021 13:38:01
Description	- An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. The issue is mitigated in GitLab version 13.7.2, 13.6.4, and 13.5.6. + An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. The issue is mitigated in GitLab version 13.7.2.

CVE-2021-22166 edited at 07 Jan 2021 21:30:14
Severity	- Unknown + Medium
Remote	- Unknown + Remote
Type	- Unknown + Denial of service
Description	+ An attacker could cause a Prometheus denial of service in GitLab 13.7+ by sending an HTTP request with a malformed method. The issue is mitigated in GitLab version 13.7.2, 13.6.4, and 13.5.6.
References	+ https://about.gitlab.com/releases/2021/01/07/security-release-gitlab-13-7-2-released/#prometheus-denial-of-service-via-http-request-with-custom-method
Notes

CVE-2021-22166 created at 07 Jan 2021 21:27:01