Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-b892-qn91-h7aa

Summary An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It allows for Information Exposure via unsubscribe links in email replies.

Aliases

alias	CVE-2018-18645

Fixed_packages

url	pkg:alpm/archlinux/gitlab@11.4.3-1
purl	pkg:alpm/archlinux/gitlab@11.4.3-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@11.4.3-1

url	pkg:deb/debian/gitlab@11.2.8%2Bdfsg-2?distro=sid
purl	pkg:deb/debian/gitlab@11.2.8%2Bdfsg-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.2.8%252Bdfsg-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/gitlab@11.4.0-1

purl pkg:alpm/archlinux/gitlab@11.4.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-237a-hwkp-47ep

vulnerability	VCID-4nq8-46us-fqdx

vulnerability	VCID-818r-vkyn-dfg3

vulnerability	VCID-b892-qn91-h7aa

vulnerability	VCID-de67-fg42-33fc

vulnerability	VCID-j3h8-a8dz-nbc3

vulnerability	VCID-mwwz-cchk-xqef

vulnerability	VCID-nm3h-6p78-skgt

vulnerability	VCID-pkf7-7s21-17a8

vulnerability	VCID-tnfb-sr49-ykhd

vulnerability	VCID-vybv-n2a8-qugs

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@11.4.0-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-18645

reference_id

reference_type

scores

value	0.00097
scoring_system	epss
scoring_elements	0.26573
published_at	2026-04-26T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.2681
published_at	2026-04-01T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26852
published_at	2026-04-02T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26893
published_at	2026-04-04T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26678
published_at	2026-04-18T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26746
published_at	2026-04-08T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26797
published_at	2026-04-09T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.268
published_at	2026-04-11T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26755
published_at	2026-04-12T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26699
published_at	2026-04-13T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26707
published_at	2026-04-16T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26637
published_at	2026-04-21T12:55:00Z

value	0.00097
scoring_system	epss
scoring_elements	0.26581
published_at	2026-04-24T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-18645

reference_url	https://security.archlinux.org/ASA-201810-16
reference_id	ASA-201810-16
reference_type
scores
url	https://security.archlinux.org/ASA-201810-16

reference_url

https://security.archlinux.org/AVG-794

reference_id

AVG-794

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-794

Weaknesses

Exploits

Severity_range_score 9.0 - 10.0

Exploitability 0.5

Weighted_severity 9.0

Risk_score 4.5

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b892-qn91-h7aa

Vulnerability Instance