CVE-2021-39880 (apollo_upload_server): apollo_upload_server has Denial of Service vulnerability

ADVISORIES

CVE-2021-39880 (NVD)
GHSA-w6pv-c757-6rgr
Vendor Advisory

GEM

apollo_upload_server

SEVERITY

CVSS v3.x: 6.5 (Medium)

PATCHED VERSIONS

>= 2.1.0

DESCRIPTION

A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.

https://gitlab.com/gitlab-org/cves/-/blob/master/2021/CVE-2021-39880.json
https://gitlab.com/gitlab-org/gitlab/-/issues/330561
https://github.com/jetruby/apollo_upload_server-ruby/pull/44
https://github.com/jetruby/apollo_upload_server-ruby/commit/b0582c1a3e458eee3c994fb38278bd0221f20486
https://github.com/jetruby/apollo_upload_server-ruby/releases/tag/2.1.0
https://gitlab.com/gitlab-org/gitlab/-/issues/330561#note_642879964
https://vuldb.com/?id.183842

RubySec

CVE-2021-39880 (apollo_upload_server): apollo_upload_server has Denial of Service vulnerability

ADVISORIES

GEM

SEVERITY

PATCHED VERSIONS

DESCRIPTION

RELATED

Recent Advisories