Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-rd3n-uts6-tkb5
Summary An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.
Aliases
0
alias CVE-2024-4278
Fixed_packages
0
url pkg:deb/debian/gitlab@0?distro=sid
purl pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-4278
reference_id
reference_type
scores
0
value 0.00041
scoring_system epss
scoring_elements 0.12492
published_at 2026-04-26T12:55:00Z
1
value 0.00041
scoring_system epss
scoring_elements 0.12399
published_at 2026-04-16T12:55:00Z
2
value 0.00041
scoring_system epss
scoring_elements 0.12403
published_at 2026-04-18T12:55:00Z
3
value 0.00041
scoring_system epss
scoring_elements 0.12518
published_at 2026-04-21T12:55:00Z
4
value 0.00041
scoring_system epss
scoring_elements 0.12526
published_at 2026-04-24T12:55:00Z
5
value 0.00041
scoring_system epss
scoring_elements 0.12625
published_at 2026-04-02T12:55:00Z
6
value 0.00041
scoring_system epss
scoring_elements 0.12666
published_at 2026-04-04T12:55:00Z
7
value 0.00041
scoring_system epss
scoring_elements 0.12479
published_at 2026-04-07T12:55:00Z
8
value 0.00041
scoring_system epss
scoring_elements 0.12557
published_at 2026-04-08T12:55:00Z
9
value 0.00041
scoring_system epss
scoring_elements 0.12608
published_at 2026-04-09T12:55:00Z
10
value 0.00041
scoring_system epss
scoring_elements 0.12575
published_at 2026-04-11T12:55:00Z
11
value 0.00041
scoring_system epss
scoring_elements 0.12535
published_at 2026-04-12T12:55:00Z
12
value 0.00041
scoring_system epss
scoring_elements 0.12496
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-4278
1
reference_url https://hackerone.com/reports/2466205
reference_id 2466205
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:39:52Z/
url https://hackerone.com/reports/2466205
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/458484
reference_id 458484
reference_type
scores
0
value 5.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-26T13:39:52Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/458484
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 821
name Incorrect Synchronization
description The product utilizes a shared resource in a concurrent manner, but it does not correctly synchronize access to the resource.
Exploits
Severity_range_score 5.5 - 5.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-rd3n-uts6-tkb5