A DOS vulnerability exists in Gitlab CE/EE >=10.3, <13.4.7,>=13.5, <13.5.5,>=13.6, <13.6.2 that allows an attacker to trigger uncontrolled resource by bypassing input validation in markdown fields. Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-26409 Reference (s):
- https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26409.json
- URL: https://gitlab.com/gitlab-org/cves/-/blob/master/2020/CVE-2020-26409.json
- https://gitlab.com/gitlab-org/gitlab/-/issues/259626
- URL: https://gitlab.com/gitlab-org/gitlab/-/issues/259626
- https://hackerone.com/reports/990461