Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1tja-ztb9-myhy

Summary An issue has been discovered in GitLab affecting all versions starting from 12.10 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. GitLab was not correctly handling malicious requests to the PyPi API endpoint allowing the attacker to cause uncontrolled resource consumption.

Aliases

alias	CVE-2022-1431

Fixed_packages

url	pkg:alpm/archlinux/gitlab@14.10.2-1
purl	pkg:alpm/archlinux/gitlab@14.10.2-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10.2-1

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/gitlab@14.10-1

purl pkg:alpm/archlinux/gitlab@14.10-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1tja-ztb9-myhy

vulnerability	VCID-221v-5q8x-5ygz

vulnerability	VCID-2gxb-vk9m-c3hd

vulnerability	VCID-4xun-1v5s-uqbt

vulnerability	VCID-62y5-e7f4-7kbz

vulnerability	VCID-a4kg-mmhm-jqhp

vulnerability	VCID-bvmd-gmg3-eue2

vulnerability	VCID-hawe-rs16-37bf

vulnerability	VCID-rc6v-b3x8-87bu

vulnerability	VCID-svws-7gd2-r3f5

vulnerability	VCID-wt3g-99mt-uug6

vulnerability	VCID-wvtd-44nu-ckgb

vulnerability	VCID-ykza-d472-n7a4

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@14.10-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-1431

reference_id

reference_type

scores

value	0.00329
scoring_system	epss
scoring_elements	0.5586
published_at	2026-04-24T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55783
published_at	2026-04-01T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55895
published_at	2026-04-02T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55917
published_at	2026-04-04T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55896
published_at	2026-04-07T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55947
published_at	2026-04-08T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55949
published_at	2026-04-09T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55958
published_at	2026-04-11T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55938
published_at	2026-04-12T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.5592
published_at	2026-04-13T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55957
published_at	2026-04-16T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.5596
published_at	2026-04-18T12:55:00Z

value	0.00329
scoring_system	epss
scoring_elements	0.55934
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-1431

reference_url

https://security.archlinux.org/AVG-2696

reference_id

AVG-2696

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2696

Weaknesses

Exploits

Severity_range_score 7.0 - 8.9

Exploitability 0.5

Weighted_severity 8.0

Risk_score 4.0

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1tja-ztb9-myhy

Vulnerability Instance