Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-73zx-y2xe-ybd8
Summary An issue has been discovered in GitLab EE affecting all versions starting from 17.3 before 17.3.7, all versions starting from 17.4 before 17.4.4, all versions starting from 17.5 before 17.5.2 in which an unauthenticated user may be able to read some information about an MR in a private project, under certain circumstances.
Aliases
0
alias CVE-2024-10240
Fixed_packages
0
url pkg:deb/debian/gitlab@0?distro=sid
purl pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2024-10240
reference_id
reference_type
scores
0
value 0.00133
scoring_system epss
scoring_elements 0.32937
published_at 2026-04-16T12:55:00Z
1
value 0.00174
scoring_system epss
scoring_elements 0.38809
published_at 2026-04-07T12:55:00Z
2
value 0.00174
scoring_system epss
scoring_elements 0.38862
published_at 2026-04-08T12:55:00Z
3
value 0.00174
scoring_system epss
scoring_elements 0.38875
published_at 2026-04-09T12:55:00Z
4
value 0.00174
scoring_system epss
scoring_elements 0.38887
published_at 2026-04-11T12:55:00Z
5
value 0.00174
scoring_system epss
scoring_elements 0.38823
published_at 2026-04-13T12:55:00Z
6
value 0.00174
scoring_system epss
scoring_elements 0.38851
published_at 2026-04-12T12:55:00Z
7
value 0.00174
scoring_system epss
scoring_elements 0.38859
published_at 2026-04-02T12:55:00Z
8
value 0.00174
scoring_system epss
scoring_elements 0.3888
published_at 2026-04-04T12:55:00Z
9
value 0.00181
scoring_system epss
scoring_elements 0.39559
published_at 2026-04-24T12:55:00Z
10
value 0.00181
scoring_system epss
scoring_elements 0.3982
published_at 2026-04-18T12:55:00Z
11
value 0.00181
scoring_system epss
scoring_elements 0.39738
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2024-10240
1
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/493188
reference_id 493188
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-26T20:24:41Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/493188
2
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
3
reference_url https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint
reference_id #information-disclosure-through-an-api-endpoint
reference_type
scores
0
value 5.3
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-26T20:24:41Z/
url https://about.gitlab.com/releases/2024/11/13/patch-release-gitlab-17-5-2-released/#information-disclosure-through-an-api-endpoint
Weaknesses
0
cwe_id 497
name Exposure of Sensitive System Information to an Unauthorized Control Sphere
description The product does not properly prevent sensitive system-level information from being accessed by unauthorized actors who do not have the same level of access to the underlying system as the product does.
Exploits
Severity_range_score 5.3 - 5.3
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-73zx-y2xe-ybd8