Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fxwa-n6xh-syg7
Summary An insecure direct object reference vulnerability in GitLab EE affecting all versions from 15.7 prior to 17.6.5, 17.7 prior to 17.7.4, and 17.8 prior to 17.8.2 allows an attacker to view repositories in an unauthorized way.
Aliases
0
alias CVE-2025-1042
Fixed_packages
0
url pkg:deb/debian/gitlab@0?distro=sid
purl pkg:deb/debian/gitlab@0?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@0%3Fdistro=sid
1
url pkg:deb/debian/gitlab@17.6.5-19?distro=sid
purl pkg:deb/debian/gitlab@17.6.5-19?distro=sid
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2025-1042
reference_id
reference_type
scores
0
value 0.00028
scoring_system epss
scoring_elements 0.07823
published_at 2026-04-24T12:55:00Z
1
value 0.00028
scoring_system epss
scoring_elements 0.0774
published_at 2026-04-16T12:55:00Z
2
value 0.00028
scoring_system epss
scoring_elements 0.07714
published_at 2026-04-18T12:55:00Z
3
value 0.00028
scoring_system epss
scoring_elements 0.07866
published_at 2026-04-21T12:55:00Z
4
value 0.00028
scoring_system epss
scoring_elements 0.07781
published_at 2026-04-02T12:55:00Z
5
value 0.00028
scoring_system epss
scoring_elements 0.07827
published_at 2026-04-04T12:55:00Z
6
value 0.00028
scoring_system epss
scoring_elements 0.07784
published_at 2026-04-07T12:55:00Z
7
value 0.00028
scoring_system epss
scoring_elements 0.07841
published_at 2026-04-08T12:55:00Z
8
value 0.00028
scoring_system epss
scoring_elements 0.07861
published_at 2026-04-09T12:55:00Z
9
value 0.00028
scoring_system epss
scoring_elements 0.07852
published_at 2026-04-11T12:55:00Z
10
value 0.00028
scoring_system epss
scoring_elements 0.07839
published_at 2026-04-12T12:55:00Z
11
value 0.00028
scoring_system epss
scoring_elements 0.07825
published_at 2026-04-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2025-1042
1
reference_url https://hackerone.com/reports/2886976
reference_id 2886976
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:12:21Z/
url https://hackerone.com/reports/2886976
2
reference_url https://gitlab.com/gitlab-org/gitlab/-/issues/50849943
reference_id 50849943
reference_type
scores
0
value 4.9
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
1
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-02-12T15:12:21Z/
url https://gitlab.com/gitlab-org/gitlab/-/issues/50849943
3
reference_url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_id cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
reference_type
scores
url https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:gitlab:gitlab:*:*:*:*:*:*:*:*
Weaknesses
0
cwe_id 552
name Files or Directories Accessible to External Parties
description The product makes files or directories accessible to unauthorized actors, even though they should not be.
Exploits
Severity_range_score 4.9 - 4.9
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fxwa-n6xh-syg7