Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-ykmk-ymk1-b3a6
Summary An issue has been discovered in GitLab affecting all versions starting from 14.0 before 14.0.9, all versions starting from 14.1 before 14.1.4, all versions starting from 14.2 before 14.2.2. The route for /user.keys is not restricted on instances with public visibility disabled. This allows user enumeration on such instances.
Aliases
0
alias CVE-2021-22257
Fixed_packages
0
url pkg:alpm/archlinux/gitlab@14.2.2-1
purl pkg:alpm/archlinux/gitlab@14.2.2-1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.2.2-1
1
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
2
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
0
url pkg:alpm/archlinux/gitlab@14.2.1-1
purl pkg:alpm/archlinux/gitlab@14.2.1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-ss7h-4jqj-rycp
1
vulnerability VCID-tfat-25ty-rfgj
2
vulnerability VCID-ykmk-ymk1-b3a6
resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.2.1-1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2021-22257
reference_id
reference_type
scores
0
value 0.00218
scoring_system epss
scoring_elements 0.44337
published_at 2026-04-24T12:55:00Z
1
value 0.00218
scoring_system epss
scoring_elements 0.4437
published_at 2026-04-01T12:55:00Z
2
value 0.00218
scoring_system epss
scoring_elements 0.44441
published_at 2026-04-12T12:55:00Z
3
value 0.00218
scoring_system epss
scoring_elements 0.44462
published_at 2026-04-04T12:55:00Z
4
value 0.00218
scoring_system epss
scoring_elements 0.44397
published_at 2026-04-07T12:55:00Z
5
value 0.00218
scoring_system epss
scoring_elements 0.44448
published_at 2026-04-08T12:55:00Z
6
value 0.00218
scoring_system epss
scoring_elements 0.44455
published_at 2026-04-09T12:55:00Z
7
value 0.00218
scoring_system epss
scoring_elements 0.44471
published_at 2026-04-11T12:55:00Z
8
value 0.00218
scoring_system epss
scoring_elements 0.4444
published_at 2026-04-13T12:55:00Z
9
value 0.00218
scoring_system epss
scoring_elements 0.44496
published_at 2026-04-16T12:55:00Z
10
value 0.00218
scoring_system epss
scoring_elements 0.44487
published_at 2026-04-18T12:55:00Z
11
value 0.00218
scoring_system epss
scoring_elements 0.44417
published_at 2026-04-21T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2021-22257
1
reference_url https://security.archlinux.org/AVG-2335
reference_id AVG-2335
reference_type
scores
0
value Medium
scoring_system archlinux
scoring_elements
url https://security.archlinux.org/AVG-2335
Weaknesses
Exploits
Severity_range_score 4.0 - 6.9
Exploitability 0.5
Weighted_severity 6.2
Risk_score 3.1
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ykmk-ymk1-b3a6