Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-7be1-7wvf-h3bd
SummaryAn issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
Aliases
0
alias CVE-2024-8311
Fixed_packages
0
url pkg:deb/debian/gitlab@0?distro=sid
purl pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-8311
reference_id
reference_type
scores
0
value 0.00044
scoring_system epss
scoring_elements 0.13443
published_at 2026-04-24T12:55:00Z
1
value 0.00044
scoring_system epss
scoring_elements 0.13366
published_at 2026-04-18T12:55:00Z
2
value 0.00044
scoring_system epss
scoring_elements 0.13438
published_at 2026-04-21T12:55:00Z
3
value 0.00044
scoring_system epss
scoring_elements 0.13577
published_at 2026-04-02T12:55:00Z
4
value 0.00044
scoring_system epss
scoring_elements 0.13637
published_at 2026-04-04T12:55:00Z
5
value 0.00044
scoring_system epss
scoring_elements 0.13435
published_at 2026-04-07T12:55:00Z
6
value 0.00044
scoring_system epss
scoring_elements 0.13516
published_at 2026-04-08T12:55:00Z
7
value 0.00044
scoring_system epss
scoring_elements 0.13565
published_at 2026-04-09T12:55:00Z
8
value 0.00044
scoring_system epss
scoring_elements 0.13539
published_at 2026-04-11T12:55:00Z
9
value 0.00044
scoring_system epss
scoring_elements 0.13501
published_at 2026-04-12T12:55:00Z
10
value 0.00044
scoring_system epss
scoring_elements 0.13455
published_at 2026-04-13T12:55:00Z
11
value 0.00044
scoring_system epss
scoring_elements 0.13368
published_at 2026-04-16T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-8311
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/479315
reference_id 479315
reference_type
scores
0
value 6.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-12T18:45:43Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/479315
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 424
name Improper Protection of Alternate Path
description The product does not sufficiently protect all possible paths that a user can take to access restricted functionality or resources.
Exploits
Severity_range_score6.5 - 6.5
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-7be1-7wvf-h3bd