CVE-2024-21652: Bypassing Brute Force Protection via Application Crash and In-Memory Data Loss
An attacker can exploit a chain of vulnerabilities, including a Denial of Service (DoS) flaw and an in-memory data storage weakness, to effectively bypass the application’s brute force login protection. This makes the application susceptible to brute force attacks, compromising the security of all user accounts.
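The weakness described above, as an added example (not code from the affected application): a failed-login limiter that keeps its counters in process memory, beside one that commits each failure to disk, with a restart simulated by constructing a fresh instance. The class names, the threshold of 5 failures, the 300-second window and the SQLite store are assumptions made for illustration.

```python
import sqlite3
import time

MAX_FAILURES = 5       # assumed lockout threshold
WINDOW_SECONDS = 300   # assumed counting window

class InMemoryLimiter:
    """Weak pattern: failure counts live only in process memory."""

    def __init__(self):
        self.failures = {}  # username -> list of failure timestamps

    def record_failure(self, user, now=None):
        self.failures.setdefault(user, []).append(time.time() if now is None else now)

    def is_locked(self, user, now=None):
        now = time.time() if now is None else now
        recent = [t for t in self.failures.get(user, []) if now - t < WINDOW_SECONDS]
        return len(recent) >= MAX_FAILURES

class PersistentLimiter:
    """Hardened pattern: failures are committed to storage that outlives the process."""

    def __init__(self, path):
        self.db = sqlite3.connect(path)
        self.db.execute("CREATE TABLE IF NOT EXISTS failures (user TEXT, ts REAL)")
        self.db.commit()

    def record_failure(self, user, now=None):
        now = time.time() if now is None else now
        self.db.execute("INSERT INTO failures VALUES (?, ?)", (user, now))
        self.db.commit()  # commit per failure so a crash cannot drop it

    def is_locked(self, user, now=None):
        now = time.time() if now is None else now
        (count,) = self.db.execute(
            "SELECT COUNT(*) FROM failures WHERE user = ? AND ts > ?",
            (user, now - WINDOW_SECONDS),
        ).fetchone()
        return count >= MAX_FAILURES

def locked_after_restart(make_limiter, user="alice"):
    """Record MAX_FAILURES failures, replace the instance (simulated crash), re-check."""
    limiter = make_limiter()
    for _ in range(MAX_FAILURES):
        limiter.record_failure(user)
    assert limiter.is_locked(user)  # lockout is active before the restart
    limiter = make_limiter()        # fresh process: in-memory state is gone
    return limiter.is_locked(user)
```

With `InMemoryLimiter` the lockout disappears after the restart; with `PersistentLimiter` pointed at the same database file it is still in force.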