A regular expression denial of service issue has been discovered in NuGet API affecting all versions of GitLab starting from version 12.8.
CVSS Score
4.3
EPSS Score
0.002
Published
2021-01-15
Insufficient validation of authentication parameters in GitLab Pages for GitLab 11.5+ allows an attacker to steal a victim's API token if they click on a maliciously crafted link
CVSS Score
7.3
EPSS Score
0.001
Published
2021-01-15
An issue has been discovered in GitLab affecting all versions starting from 12.4. The regex used for package names is written in a way that makes execution time have quadratic growth based on the length of the malicious input string.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-01-15
Page 43