Google >> Gerrit >> 2.14 Security Vulnerabilities
Incorrect authorization in the "submitted together" feature in Gerrit versions 2.12 and later allows an authenticated attacker with force push permissions on a secondary branch to bypass code review and forcefully submit code to restricted branches via a crafted submission matching the "topic" tag of an unapproved change.
CVSS Score: 6.0
EPSS Score: 0.002
Published: 2026-05-13
Any git operation is passed through Jetty and a session is created. No expiry is set for the session and Jetty does not automatically dispose of the session. Over multiple git actions, this can lead to heap memory exhaustion for Gerrit servers. We recommend upgrading Gerrit to any of the versions listed above.
CVSS Score: 6.5
EPSS Score: 0.004
Published: 2021-02-17

