CVE-2021-22902

Severity: Low
Remote: Yes
Type: Denial of service
Description
There is a possible denial of service vulnerability in Action Dispatch version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can cause the MIME type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
Group     Package        Affected   Fixed     Severity  Status  Ticket
AVG-2223  gitlab-gitaly  14.0.4-1   14.1.0-1  Medium    Fixed
AVG-2090  gitlab         13.12.3-1  14.0.0-1  Medium    Fixed
References
https://www.openwall.com/lists/oss-security/2021/05/05/1