Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r4xh-hudb-xqaa
Summary An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
Aliases
0
alias CVE-2023-3906
Fixed_packages
0
url pkg:deb/debian/gitlab@0?distro=sid
purl pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2023-3906
reference_id
reference_type
scores
0
value 0.00255
scoring_system epss
scoring_elements 0.48813
published_at 2026-04-02T12:55:00Z
1
value 0.00255
scoring_system epss
scoring_elements 0.48843
published_at 2026-04-13T12:55:00Z
2
value 0.00255
scoring_system epss
scoring_elements 0.4886
published_at 2026-04-11T12:55:00Z
3
value 0.00255
scoring_system epss
scoring_elements 0.48834
published_at 2026-04-12T12:55:00Z
4
value 0.00255
scoring_system epss
scoring_elements 0.48892
published_at 2026-04-16T12:55:00Z
5
value 0.00255
scoring_system epss
scoring_elements 0.48888
published_at 2026-04-18T12:55:00Z
6
value 0.00255
scoring_system epss
scoring_elements 0.48848
published_at 2026-04-21T12:55:00Z
7
value 0.00255
scoring_system epss
scoring_elements 0.48838
published_at 2026-04-04T12:55:00Z
8
value 0.00255
scoring_system epss
scoring_elements 0.48793
published_at 2026-04-07T12:55:00Z
9
value 0.00255
scoring_system epss
scoring_elements 0.48847
published_at 2026-04-08T12:55:00Z
10
value 0.00273
scoring_system epss
scoring_elements 0.50741
published_at 2026-04-26T12:55:00Z
11
value 0.00273
scoring_system epss
scoring_elements 0.50733
published_at 2026-04-24T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2023-3906
1
reference_url https://hackerone.com/reports/2071411
reference_id 2071411
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T14:28:00Z/
url https://hackerone.com/reports/2071411
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/419213
reference_id 419213
reference_type
scores
0
value 3.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:P/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-30T14:28:00Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/419213
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 1287
name Improper Validation of Specified Type of Input
description The product receives input that is expected to be of a certain type, but it does not validate or incorrectly validates that the input is actually of the expected type.
Exploits
Severity_range_score 3.5 - 3.5
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r4xh-hudb-xqaa