
CVE-2024-8973: GitLab GitHub Import DoS Vulnerability

CVE-2024-8973 is a denial of service vulnerability in GitLab CE/EE affecting versions 17.1 to 17.11.1. An attacker can submit a crafted GitHub import request that exhausts server resources and causes a denial of service. This article covers technical details, affected versions, impact, and mitigation steps.


CVE-2024-8973 Overview

CVE-2024-8973 is a denial of service vulnerability affecting GitLab Community Edition (CE) and Enterprise Edition (EE). The flaw resides in the GitHub import functionality, where a maliciously crafted payload submitted through import requests can exhaust server resources. The issue affects all versions from 17.1 prior to 17.9.8, from 17.10 prior to 17.10.6, and from 17.11 prior to 17.11.2. The vulnerability is categorized under CWE-770 (Allocation of Resources Without Limits or Throttling). An unauthenticated network-based attacker can trigger the condition without user interaction, impacting availability of self-managed and SaaS GitLab instances.

Critical Impact

Remote attackers can render GitLab instances unavailable by submitting malformed GitHub import requests, disrupting development pipelines and code review workflows.

Affected Products

  • GitLab CE/EE versions 17.1 through 17.9.7
  • GitLab CE/EE versions 17.10 through 17.10.5
  • GitLab CE/EE versions 17.11 through 17.11.1

Discovery Timeline

  • 2025-05-09 - CVE-2024-8973 published to NVD
  • 2026-06-17 - Last updated in NVD database

Technical Details for CVE-2024-8973

Vulnerability Analysis

The vulnerability is a resource exhaustion flaw in the GitHub import feature of GitLab CE/EE. GitLab provides an importer that accepts data structures from GitHub repositories and translates them into native GitLab objects. The import endpoint fails to enforce sufficient limits on the size or structure of incoming payloads. An attacker can submit a crafted payload that forces the importer to consume excessive CPU or memory. The result is a denial of service condition that prevents legitimate users from accessing the GitLab instance. The flaw is reachable over the network and requires no authentication or user interaction.

Root Cause

The root cause is improper enforcement of resource limits during GitHub import processing, mapped to CWE-770. The importer parses attacker-controlled input without throttling allocations or bounding work performed per request. Without these constraints, a single malicious request can monopolize server resources.

Attack Vector

The attack vector is network based. An attacker sends a crafted import request to a vulnerable GitLab instance that exposes the GitHub import functionality. The malicious payload triggers expensive processing inside the importer, exhausting available resources. Repeated requests amplify the effect and can sustain the outage. See the GitLab Issue Report and the HackerOne Security Report for technical details on the malformed payload structure.

Detection Methods for CVE-2024-8973

Indicators of Compromise

  • Sudden spikes in CPU or memory consumption on the GitLab Rails or Sidekiq workers tied to GitHub import jobs.
  • HTTP requests to GitHub import endpoints originating from unexpected source addresses or in unusual volumes.
  • Stalled or failing Sidekiq queues handling Gitlab::GithubImport workers.
  • Web server timeouts or 5xx error rate increases coincident with import activity.

Detection Strategies

  • Monitor application logs for repeated POST requests targeting /import/github or related import API routes.
  • Correlate import request volume with worker resource metrics to identify amplification patterns.
  • Alert on long-running Sidekiq jobs in import-related queues that exceed historical baselines.

Monitoring Recommendations

  • Ingest GitLab production logs and Sidekiq metrics into a centralized logging or SIEM platform for baseline analysis.
  • Track HTTP request rates per endpoint and per source IP, with anomaly thresholds on import endpoints.
  • Maintain dashboards for memory and CPU usage on Rails workers to detect resource exhaustion early.
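A small log detector for the detection strategies and monitoring recommendations above, written here as an added example and not part of GitLab's own tooling: it reads request log lines in the field layout of GitLab's production_json.log (method, path, status, duration_s, remote_ip, time; assumed here), counts import POSTs per source IP in a sliding window, and lists import requests that ran long or ended in 5xx. The sample lines are constructed, and the thresholds and the /api/v4/import/github API path are assumptions.

```python
import json
from datetime import datetime, timedelta
# Constructed sample lines in the field layout of GitLab's production_json.log (not real captures).
SAMPLE_LOG = """\
{"method":"POST","path":"/import/github","status":200,"duration_s":1.2,"remote_ip":"203.0.113.7","time":"2025-05-09T10:00:00.000Z"}
{"method":"POST","path":"/import/github","status":200,"duration_s":1.4,"remote_ip":"203.0.113.7","time":"2025-05-09T10:00:05.000Z"}
{"method":"POST","path":"/import/github","status":200,"duration_s":1.1,"remote_ip":"203.0.113.7","time":"2025-05-09T10:00:12.000Z"}
{"method":"POST","path":"/api/v4/import/github","status":502,"duration_s":45.3,"remote_ip":"203.0.113.7","time":"2025-05-09T10:00:20.000Z"}
{"method":"POST","path":"/import/github","status":200,"duration_s":1.3,"remote_ip":"203.0.113.7","time":"2025-05-09T10:00:31.000Z"}
{"method":"POST","path":"/import/github","status":200,"duration_s":2.0,"remote_ip":"198.51.100.3","time":"2025-05-09T10:01:00.000Z"}
this line is not JSON and must be skipped
"""
IMPORT_PATHS = ("/import/github", "/api/v4/import/github")  # web UI route and API route (assumed)
RATE_WINDOW = timedelta(seconds=60)  # sliding window for the per-IP burst check
RATE_THRESHOLD = 5                   # import POSTs per IP per window before alerting
SLOW_SECONDS = 30.0                  # a single import request slower than this is suspicious

def parse_log(text):
    """Yield one dict per JSON line, skipping lines that do not parse."""
    for line in text.splitlines():
        try:
            yield json.loads(line)
        except ValueError:
            continue
def is_import_post(rec):
    return rec.get("method") == "POST" and rec.get("path", "").startswith(IMPORT_PATHS)

def find_bursts(records):
    """Source IPs whose import POST count inside one RATE_WINDOW reached RATE_THRESHOLD."""
    times = {}
    for rec in records:
        if is_import_post(rec):
            times.setdefault(rec["remote_ip"], []).append(datetime.fromisoformat(rec["time"].replace("Z", "+00:00")))
    bursts = {}
    for ip, ts in times.items():
        ts.sort()
        j = 0
        for i in range(len(ts)):
            while ts[j] < ts[i] - RATE_WINDOW:  # slide the window start past requests older than the window
                j += 1
            bursts[ip] = max(bursts.get(ip, 0), i - j + 1)
    return {ip: n for ip, n in bursts.items() if n >= RATE_THRESHOLD}

def find_slow_imports(records):
    """Import POSTs that ran past SLOW_SECONDS or ended in 5xx: signs of a tied-up worker."""
    return [(r["remote_ip"], r["path"], r.get("duration_s")) for r in records
            if is_import_post(r) and (r.get("duration_s", 0) >= SLOW_SECONDS or r.get("status", 0) >= 500)]

def analyze(text):
    records = list(parse_log(text))
    return {"bursts": find_bursts(records), "slow": find_slow_imports(records)}
```

Feed it the same log excerpt your SIEM ingests and tune RATE_THRESHOLD and SLOW_SECONDS against the instance's historical import baseline.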

How to Mitigate CVE-2024-8973

Immediate Actions Required

  • Upgrade GitLab CE/EE to version 17.9.8, 17.10.6, or 17.11.2 depending on the deployed release branch.
  • Restrict access to GitHub import functionality to trusted users until patching is complete.
  • Place GitLab behind a reverse proxy or WAF that enforces rate limiting on import endpoints.
  • Review recent import activity for signs of abuse and terminate any stalled import jobs.

Patch Information

GitLab has released fixed versions 17.9.8, 17.10.6, and 17.11.2. Administrators of self-managed instances should upgrade to one of these versions or later. GitLab.com SaaS has been updated by the vendor. Refer to the GitLab Issue Report for the official fix details.

Workarounds

  • Disable the GitHub import source in the GitLab admin settings if the feature is not required.
  • Apply network-level rate limiting to import API routes to slow exploitation attempts.
  • Limit project import permissions to administrators while patching is scheduled.

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
