Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-wyff-62y3-9qdq

Summary An issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, all versions starting from 15.1 before 15.1.4, all versions starting from 15.2 before 15.2.1. It may be possible for malicious group or project maintainers to change their corresponding group or project visibility by crafting a malicious POST request.

Aliases

alias	CVE-2022-2456

Fixed_packages

url	pkg:alpm/archlinux/gitlab@15.2.1-1
purl	pkg:alpm/archlinux/gitlab@15.2.1-1
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.1-1

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

url pkg:alpm/archlinux/gitlab@15.2.0-1

purl pkg:alpm/archlinux/gitlab@15.2.0-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1t9u-drzk-5ffz

vulnerability	VCID-3szm-mdpf-6ua7

vulnerability	VCID-92x8-rmhg-zuh6

vulnerability	VCID-9cvy-mzhc-ukhu

vulnerability	VCID-hd2f-p7zx-vqcp

vulnerability	VCID-hfyr-23g4-y7e5

vulnerability	VCID-mbnw-5r9b-mybe

vulnerability	VCID-mrtq-9dj4-a7bf

vulnerability	VCID-tv9d-9wvu-rfdg

vulnerability	VCID-tzw9-uffa-9ycy

vulnerability	VCID-wyff-62y3-9qdq

resource_url http://public2.vulnerablecode.io/packages/pkg:alpm/archlinux/gitlab@15.2.0-1

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-2456

reference_id

reference_type

scores

value	0.00207
scoring_system	epss
scoring_elements	0.43051
published_at	2026-04-24T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.4313
published_at	2026-04-02T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43157
published_at	2026-04-04T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43096
published_at	2026-04-07T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43149
published_at	2026-04-12T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43161
published_at	2026-04-09T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43182
published_at	2026-04-11T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43134
published_at	2026-04-13T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43193
published_at	2026-04-16T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43183
published_at	2026-04-18T12:55:00Z

value	0.00207
scoring_system	epss
scoring_elements	0.43116
published_at	2026-04-21T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-2456

reference_url

https://security.archlinux.org/AVG-2785

reference_id

AVG-2785

reference_type

scores

value	Medium
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2785

Weaknesses

Exploits

Severity_range_score 4.0 - 6.9

Exploitability 0.5

Weighted_severity 6.2

Risk_score 3.1

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wyff-62y3-9qdq

Vulnerability Instance