The host is installed with GitLab CE/EE 9.3 before 16.0.8, 16.1 before 16.1.3, or 16.2 before 16.2.2 and is prone to a regular expression denial of service vulnerability. A flaw is present in the application, which fails to properly handle the crafted payloads which use ProjectReferenceFilter to the preview_markdown endpoint. Successful exploitation could allow attackers to cause regular expression denial of service.