Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-sak7-sp6s-7ydh

Summary Lack of sand-boxing of OpenAPI documents in GitLab CE/EE affecting all versions from 12.6 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2 allows an attacker to trick a user to click on the Swagger OpenAPI viewer and issue HTTP requests that affect the victim's account.

Aliases

alias	CVE-2022-3726

Fixed_packages

url	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
purl	pkg:deb/debian/gitlab@15.10.8%2Bds1-2?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@15.10.8%252Bds1-2%3Fdistro=sid

url	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl	pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid

Affected_packages

References

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-3726

reference_id

reference_type

scores

value	0.00334
scoring_system	epss
scoring_elements	0.56134
published_at	2026-04-24T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56224
published_at	2026-04-12T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56207
published_at	2026-04-13T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56239
published_at	2026-04-16T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56241
published_at	2026-04-18T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56209
published_at	2026-04-21T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56181
published_at	2026-04-07T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56201
published_at	2026-04-04T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56232
published_at	2026-04-08T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56238
published_at	2026-04-09T12:55:00Z

value	0.00334
scoring_system	epss
scoring_elements	0.56248
published_at	2026-04-11T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-3726

reference_url

https://hackerone.com/reports/1563383

reference_id

1563383

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/

url

https://hackerone.com/reports/1563383

reference_url

https://gitlab.com/gitlab-org/gitlab/-/issues/362509

reference_id

362509

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/

url

https://gitlab.com/gitlab-org/gitlab/-/issues/362509

reference_url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json

reference_id

CVE-2022-3726.json

reference_type

scores

value	4.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2025-05-01T19:22:45Z/

url

https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-3726.json

Weaknesses

Exploits

Severity_range_score 4.8 - 4.8

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-sak7-sp6s-7ydh

Vulnerability Instance