CVE-2021-39880

Name: CVE-2021-39880
Description: A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: medium

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package                   | Release       | Version   | Status
---------------------------------|---------------|-----------|-----------
gitlab (PTS)                     | sid/contrib   | 13.4.7-2  | vulnerable
ruby-apollo-upload-server (PTS)  | bullseye      | 2.0.3-1   | vulnerable
ruby-apollo-upload-server (PTS)  | bookworm, sid | 2.1.0-1   | vulnerable

The information below is based on the following data on fixed versions.

Package                    | Type   | Release    | Fixed Version | Urgency | Origin | Debian Bugs
---------------------------|--------|------------|---------------|---------|--------|------------
gitlab                     | source | (unstable) | (unfixed)     |         |        |
ruby-apollo-upload-server  | source | (unstable) | (unfixed)     |         |        |

Notes

reach out for details
