A Denial Of Service vulnerability in the apollo_upload_server Ruby gem in GitLab CE/EE version 11.11 and above allows an attacker to deny access to all users via specially crafted requests to the apollo_upload_server middleware.

Affected Packages

RubyGems apollo_upload_server

Affected versions: 0 (fixed in 2.1.0)

Related CVEs

CVE-2021-39880

Key Information

GHSA ID

GHSA-w6pv-c757-6rgr

Published

May 24, 2022 7:16 PM

Last Modified

March 17, 2023 7:44 PM

CVSS Score

5.0 /10

Primary Ecosystem

RubyGems

Primary Package

apollo_upload_server

GitHub Reviewed

✓ Yes

Dataset

Last updated: August 4, 2025 6:39 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.