CVE-2024-2651: 
GitLab vulnerability analysis and mitigation

CVE-2024-2651 is a security vulnerability discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, and all versions starting from 16.11 before 16.11.2. The vulnerability was disclosed on May 14, 2024, and allows an attacker to cause a denial of service using maliciously crafted markdown content (NVD, GitLab Release).

The vulnerability is classified as a medium severity issue with a CVSS v3.1 base score of 6.5 (MEDIUM) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H. The issue is related to inefficient Regular Expression Complexity (CWE-1333) in the markdown render pipeline (NVD).

When exploited, this vulnerability can lead to a denial of service condition in the affected GitLab instances, potentially impacting system availability. The attack specifically targets the markdown rendering functionality of the application (GitLab Release).

GitLab has released patches to address this vulnerability. Users are strongly recommended to upgrade to GitLab versions 16.9.7, 16.10.5, or 16.11.2 depending on their current version. The fix has been implemented in these versions and GitLab.com is already running the patched version (GitLab Release).