Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-3szm-mdpf-6ua7

Summary An issue has been discovered in GitLab CE/EE affecting all versions starting from 9.3 before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. GitLab was returning contributor emails due to improper data handling in the Datadog integration.

Aliases

alias	CVE-2022-2534

Fixed_packages

url	pkg:alpm/archlinux/gitlab@15.2.1-1
purl	pkg:alpm/archlinux/gitlab@15.2.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/gitlab@15.2.0-1

purl pkg:alpm/archlinux/gitlab@15.2.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t9u-drzk-5ffz

vulnerability	VCID-3szm-mdpf-6ua7

vulnerability	VCID-92x8-rmhg-zuh6

vulnerability	VCID-9cvy-mzhc-ukhu

vulnerability	VCID-hd2f-p7zx-vqcp

vulnerability	VCID-hfyr-23g4-y7e5

vulnerability	VCID-mbnw-5r9b-mybe

vulnerability	VCID-mrtq-9dj4-a7bf

vulnerability	VCID-tv9d-9wvu-rfdg

vulnerability	VCID-tzw9-uffa-9ycy

vulnerability	VCID-wyff-62y3-9qdq

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.0-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2534

reference_id

reference_type

scores

value	0.00215
scoring_system	epss
scoring_elements	0.43968
published_at	2026-04-24T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44056
published_at	2026-04-02T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44079
published_at	2026-04-11T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.4401
published_at	2026-04-07T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44062
published_at	2026-04-08T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44064
published_at	2026-04-09T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44047
published_at	2026-04-12T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44031
published_at	2026-04-13T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44092
published_at	2026-04-16T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44083
published_at	2026-04-18T12:55:00Z

value	0.00215
scoring_system	epss
scoring_elements	0.44017
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2534

reference_url

https://security.archlinux.org/AVG-2785

reference_id

AVG-2785

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2785

Weaknesses

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3szm-mdpf-6ua7

Vulnerability Instance