Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-nd6x-k1j2-hbg7
Summary An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.
Aliases
0
alias CVE-2024-4099
Fixed_packages
0
url pkg:deb/debian/gitlab@0?distro=sid
purl pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4099
reference_id
reference_type
scores
0
value 0.00075
scoring_system epss
scoring_elements 0.22433
published_at 2026-04-24T12:55:00Z
1
value 0.00075
scoring_system epss
scoring_elements 0.22623
published_at 2026-04-13T12:55:00Z
2
value 0.00075
scoring_system epss
scoring_elements 0.2264
published_at 2026-04-16T12:55:00Z
3
value 0.00075
scoring_system epss
scoring_elements 0.22636
published_at 2026-04-18T12:55:00Z
4
value 0.00075
scoring_system epss
scoring_elements 0.22588
published_at 2026-04-21T12:55:00Z
5
value 0.00075
scoring_system epss
scoring_elements 0.2274
published_at 2026-04-02T12:55:00Z
6
value 0.00075
scoring_system epss
scoring_elements 0.22784
published_at 2026-04-04T12:55:00Z
7
value 0.00075
scoring_system epss
scoring_elements 0.22574
published_at 2026-04-07T12:55:00Z
8
value 0.00075
scoring_system epss
scoring_elements 0.2265
published_at 2026-04-08T12:55:00Z
9
value 0.00075
scoring_system epss
scoring_elements 0.22701
published_at 2026-04-09T12:55:00Z
10
value 0.00075
scoring_system epss
scoring_elements 0.2272
published_at 2026-04-11T12:55:00Z
11
value 0.00075
scoring_system epss
scoring_elements 0.22681
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4099
1
reference_url https://hackerone.com/reports/2459597
reference_id 2459597
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:48:40Z/
url https://hackerone.com/reports/2459597
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/457798
reference_id 457798
reference_type
scores
0
value 3.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-27T15:48:40Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/457798
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 116
name Improper Encoding or Escaping of Output
description The product prepares a structured message for communication with another component, but encoding or escaping of the data is either missing or done incorrectly. As a result, the intended structure of the message is not preserved.
Exploits
Severity_range_score 3.1 - 3.1
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nd6x-k1j2-hbg7