CVE-2024-1947: 
GitLab vulnerability analysis and mitigation

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. The vulnerability allows attackers to create a DoS condition by sending crafted API calls (GitLab Release, NVD).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.5 (MEDIUM) according to NIST NVD assessment, while GitLab Inc. rates it at 4.3 (MEDIUM). The CVSS vector string is CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, indicating network accessibility, low attack complexity, and requiring low privileges with no user interaction. The vulnerability is associated with CWE-409 (Improper Handling of Highly Compressed Data) (NVD).

The vulnerability can result in a denial of service condition affecting the availability of GitLab services. When exploited, the attacker can disrupt system operations through crafted API calls, potentially impacting system resources and service availability (GitLab Release).

GitLab has released patches to address this vulnerability in versions 17.0.1, 16.11.3, and 16.10.6. Organizations are strongly recommended to upgrade their GitLab installations to one of these patched versions immediately. GitLab.com has already been updated to run the patched version (GitLab Release).