CVE-2020-13310

gitlab-org/cves

on gitlab

gitlab-org/gitlab-runner

on gitlab

Published

September 14, 2020

Severity

CVSS v3:

6.5 MEDIUM

CVSS v2:

4 MEDIUM

Description

A vulnerability was discovered in GitLab runner versions before 13.1.3, 13.2.3 and 13.3.1. It was possible to make the gitlab-runner process crash by sending malformed queries, resulting in a denial of service.

References

https://gitlab.com/gitlab-org/gitlab-runner/-/issues/26819
https://gitlab.com/gitlab-org/gitlab-runner/-/issues/25857
https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-13310.json

Configurations

CPE23	Version Start	Version End	Exact Version
cpe:2.3:a:gitlab:gitlab::::::::	13.2.0 (including)	13.2.3	*
cpe:2.3:a:gitlab:gitlab::::::::	n/a	13.1.3	*
cpe:2.3:a:gitlab:gitlab::::::::	13.3.0 (including)	13.3.1	*

External Links

NVD - CVE-2020-13310