Vulnerability_id VCID-m9cw-hzjf-6kfq
Summary A vulnerability in GitLab CE/EE affecting all versions from 11.3.4 prior to 15.1.5, 15.2 to 15.2.3, 15.3 to 15.3.1 allows an authenticated user to achieve remote code execution via the Import from GitHub API endpoint
Aliases
0
alias CVE-2022-2884
Fixed_packages
0
url pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-2884
reference_id
reference_type
scores
0
value 0.67741
scoring_system epss
scoring_elements 0.98591
published_at 2026-04-24T12:55:00Z
1
value 0.67741
scoring_system epss
scoring_elements 0.98579
published_at 2026-04-09T12:55:00Z
2
value 0.67741
scoring_system epss
scoring_elements 0.9858
published_at 2026-04-12T12:55:00Z
3
value 0.67741
scoring_system epss
scoring_elements 0.98582
published_at 2026-04-13T12:55:00Z
4
value 0.67741
scoring_system epss
scoring_elements 0.98587
published_at 2026-04-21T12:55:00Z
5
value 0.67741
scoring_system epss
scoring_elements 0.98588
published_at 2026-04-18T12:55:00Z
6
value 0.67741
scoring_system epss
scoring_elements 0.9857
published_at 2026-04-02T12:55:00Z
7
value 0.67741
scoring_system epss
scoring_elements 0.98573
published_at 2026-04-04T12:55:00Z
8
value 0.67741
scoring_system epss
scoring_elements 0.98575
published_at 2026-04-07T12:55:00Z
9
value 0.67741
scoring_system epss
scoring_elements 0.98577
published_at 2026-04-08T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-2884
1
reference_url https://hackerone.com/reports/1672388
reference_id 1672388
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url https://hackerone.com/reports/1672388
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/371098
reference_id 371098
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/371098
3
reference_url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51181.py
reference_id CVE-2022-2884
reference_type exploit
scores
url https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/ruby/webapps/51181.py
4
reference_url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
reference_id CVE-2022-2884.json
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-2884.json
5
reference_url http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html
reference_id GitLab-15.3-Remote-Code-Execution.html
reference_type
scores
0
value 9.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
1
value Track*
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:Y/T:T/P:M/B:A/M:M/D:R/2025-05-14T14:23:51Z/
url http://packetstormsecurity.com/files/171628/GitLab-15.3-Remote-Code-Execution.html
Weaknesses
Exploits
0
date_added 2023-04-01
description GitLab v15.3 - Remote Code Execution (RCE) (Authenticated)
required_action null
due_date null
notes null
known_ransomware_campaign_use true
source_date_published 2023-04-01
exploit_type webapps
platform ruby
source_date_updated 2023-06-06
data_source Exploit-DB
source_url
Severity_range_score 9.9 - 9.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m9cw-hzjf-6kfq