CVE-2021-39880

apollo_upload_server has Denial of Service vulnerability in gem/apollo_upload_server

Identifiers

GHSA-w6pv-c757-6rgr, CVE-2021-39880

Package Slug

gem/apollo_upload_server

Vulnerability

apollo_upload_server has Denial of Service vulnerability

Description

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE all versions starting from 11.9 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.

Affected Versions

All versions before 2.1.0

Solution

Upgrade to version 2.1.0 or above.

Last Modified

2023-03-20
