Use after free on REST API of branches

Summary

We are testing GitLab's REST APIs and have come across an internal error. We would appreciate it if you developers could give us a hand and make a better community together. The error is explained as follows:

After deleting a branch, the deleted branch can still be referred to in a following branch creation.

It happens to me via the API on the latest GitLab CE Docker image, RELEASE_VERSION=14.1.0-ce.0.

RELATED ENDPOINTS:

  • POST /api/v4/projects/:id/repository/branches
  • DELETE /api/v4/projects/:id/repository/branches/:branch
  • GET /api/v4/projects/:id/repository/branches/:branch
  • POST /api/v4/projects/:id/repository/branches

Steps to reproduce

1. Create a branch on some project

curl -X POST -H 'PRIVATE-TOKEN: <YOUR-TOKEN>' 'http://host/api/v4/projects/3/repository/branches?ref=master&branch=branchname1'

201 Created

It goes well and returns the new branch name <BRANCH_NAME>

2. Delete the branch

curl -X DELETE -H 'PRIVATE-TOKEN: <YOUR-TOKEN>' 'http://host/api/v4/projects/3/repository/branches/<BRANCH_NAME>'

It goes well and the server responds with 204 No Content

3. Get the branch

curl -X GET -H 'PRIVATE-TOKEN: <YOUR-TOKEN>' 'http://host/api/v4/projects/3/repository/branches/<BRANCH_NAME>'

It goes well and the server responds with 404 Branch not found

4. Create a new branch referring to the deleted branch

curl -X POST -H 'PRIVATE-TOKEN: <YOUR-TOKEN>' 'http://host/api/v4/projects/3/repository/branches?ref=<BRANCH_NAME>&branch=branchname2'

However, the server responds with 201 Created, managing to refer to a deleted branch.

What is the current bug behavior?

return "201 Created"

What is the expected correct behavior?

return "404 Branch not found"

Edited by StitchWuhula
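
The four steps above, replayed as a regression check. This is an added example, not part of the original report or of GitLab's code. The function names, the injectable `send` parameter and the acceptance of 400 alongside the report's expected 404 are assumptions made for illustration.

```python
import urllib.error
import urllib.request
from urllib.parse import quote


def http_status(method, url, token):
    """Send one request with the PRIVATE-TOKEN header; return the status code."""
    req = urllib.request.Request(url, method=method, headers={"PRIVATE-TOKEN": token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code  # urllib raises on 4xx/5xx; the code is all we need


def check_deleted_ref(base, project_id, token, branch, new_branch, send=http_status):
    """Replay the report's four steps in order.

    Returns None when every status is acceptable, otherwise
    (step_name, actual_status) for the first step that deviates.
    """
    root = f"{base}/api/v4/projects/{project_id}/repository/branches"
    old, new = quote(branch, safe=""), quote(new_branch, safe="")
    steps = [
        ("create", "POST", f"{root}?ref=master&branch={old}", {201}),
        ("delete", "DELETE", f"{root}/{old}", {204}),
        ("get_deleted", "GET", f"{root}/{old}", {404}),
        # 404 is what the report expects; 400 is an assumed alternative rejection.
        ("create_from_deleted", "POST", f"{root}?ref={old}&branch={new}", {400, 404}),
    ]
    for name, method, url, accepted in steps:
        status = send(method, url, token)
        if status not in accepted:
            if name == "create_from_deleted" and status == 201:
                send("DELETE", f"{root}/{new}", token)  # remove the stray branch
            return name, status  # later steps depend on earlier ones, so stop
    return None


if __name__ == "__main__":
    import sys
    base, project, token = sys.argv[1:4]  # e.g. http://host 3 <YOUR-TOKEN>
    result = check_deleted_ref(base, project, token, "branchname1", "branchname2")
    print("OK" if result is None else f"unexpected status at {result[0]}: {result[1]}")
```

Passing a stub as `send` lets the check run in CI without a live instance; against a test instance it takes the base URL, project ID and token as arguments.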