CVE-2021-22902

Source
Severity Low
Remote Yes
Type Denial of service
Description
There is a possible Denial of Service vulnerability in Action Dispatch before version 6 before 6.0.3.7 and 6.1.0.2. Carefully crafted Accept headers can cause the mime type parser in Action Dispatch to do catastrophic backtracking in the regular expression engine.
| Group | Package | Affected | Fixed | Severity | Status | Ticket |
|---|---|---|---|---|---|---|
| AVG-1905 | gitlab-gitaly | 14.0.0-1 | | Medium | Vulnerable | |
| AVG-2090 | gitlab | 13.12.3-1 | 14.0.0-1 | Medium | Fixed | |
References
https://www.openwall.com/lists/oss-security/2021/05/05/1