Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/923273?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "type": "deb", "namespace": "debian", "name": "gitlab", "version": "11.8.6+dfsg-1", "qualifiers": { "distro": "sid" }, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "11.8.9+dfsg-1", "latest_non_vulnerable_version": "17.6.5-19", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191820?format=api", "vulnerability_id": "VCID-2m26-5f7y-s3fe", "summary": "An Insecure Permissions issue (issue 2 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The GitLab Releases feature could allow guest users access to private information like release details and code information.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10115", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34254", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34631", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34394", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34376", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34291", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34161", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34226", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34264", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34157", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34184", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34686", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00144", "scoring_system": "epss", "scoring_elements": "0.34672", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35522", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35547", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35429", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35475", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35499", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.3551", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35466", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35444", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00149", "scoring_system": "epss", "scoring_elements": "0.35323", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10115" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10115" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2m26-5f7y-s3fe" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191811?format=api", "vulnerability_id": "VCID-4v6j-cn1c-s7dd", "summary": "An Information Exposure issue (issue 1 of 2) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. EXIF geolocation data were not removed from images when uploaded to GitLab. As a result, anyone with access to the uploaded image could obtain its geolocation, device, and software version data (if present).", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10109", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33399", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33374", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33342", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33186", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.33169", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00136", "scoring_system": "epss", "scoring_elements": "0.3309", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34456", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34417", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34393", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34149", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34487", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34515", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34382", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34425", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00142", "scoring_system": "epss", "scoring_elements": "0.34454", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36257", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36331", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36359", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36275", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36297", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00159", "scoring_system": "epss", "scoring_elements": "0.36371", "published_at": "2026-05-14T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10109" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10109" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4v6j-cn1c-s7dd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191818?format=api", "vulnerability_id": "VCID-53ve-2zag-8yhr", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Making concurrent GET /api/v4/projects/<id>/languages requests may allow Uncontrolled Resource Consumption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10113", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39717", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40024", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39852", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39836", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39754", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39626", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.3969", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39708", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39622", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.39646", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40131", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00183", "scoring_system": "epss", "scoring_elements": "0.40101", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40984", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41016", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40943", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40991", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40999", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.41017", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40982", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40966", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00191", "scoring_system": "epss", "scoring_elements": "0.40903", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10113" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10113" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-53ve-2zag-8yhr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191822?format=api", "vulnerability_id": "VCID-6ar9-uaqa-xyfq", "summary": "An Insecure Permissions issue (issue 3 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. Guests of a project were allowed to see Related Branches created for an issue.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10116", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27236", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27537", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27496", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.2739", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27313", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27143", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27206", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27226", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27144", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27159", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27602", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00099", "scoring_system": "epss", "scoring_elements": "0.27576", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28418", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28459", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28251", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28317", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.2836", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28365", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28321", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28263", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00103", "scoring_system": "epss", "scoring_elements": "0.28347", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10116" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10116" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6ar9-uaqa-xyfq" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191813?format=api", "vulnerability_id": "VCID-6tvy-72tc-jbdr", "summary": "An Insecure Permissions issue (issue 1 of 3) was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. The \"move issue\" feature may allow a user to create projects under any namespace on any GitLab instance on which they hold credentials.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10110", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26438", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26544", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26485", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26479", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.2642", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26288", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26357", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26413", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26342", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26358", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26611", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00096", "scoring_system": "epss", "scoring_elements": "0.26583", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27842", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27883", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27674", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27742", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27786", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27792", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27749", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27691", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.001", "scoring_system": "epss", "scoring_elements": "0.27791", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10110" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-6tvy-72tc-jbdr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/191815?format=api", "vulnerability_id": "VCID-c5wm-ghe3-aqab", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.8, 11.8.x before 11.8.4, and 11.9.x before 11.9.2. It allows persistent XSS in the merge request \"resolve conflicts\" page.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10111", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.2511", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25185", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25138", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25127", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25083", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.24961", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25025", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25084", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25013", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25033", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25224", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00089", "scoring_system": "epss", "scoring_elements": "0.25214", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.26042", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25814", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25883", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25935", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25945", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25903", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25849", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00092", "scoring_system": "epss", "scoring_elements": "0.25936", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10111" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10111" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c5wm-ghe3-aqab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/192226?format=api", "vulnerability_id": "VCID-gsxs-21aw-cygp", "summary": "An issue was discovered in GitLab Community and Enterprise Edition before 11.7.10, 11.8.x before 11.8.6, and 11.9.x before 11.9.4. A regex input validation issue for the .gitlab-ci.yml refs value allows Uncontrolled Resource Consumption.", "references": [ { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10640", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38528", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3891", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38828", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38663", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38638", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38549", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38429", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38503", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38515", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.38453", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.00174", "scoring_system": "epss", "scoring_elements": "0.3893", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39869", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39893", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39815", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3987", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39884", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39894", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3986", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.39843", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00181", "scoring_system": "epss", "scoring_elements": "0.3972", "published_at": "2026-04-01T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2019-10640" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2019-10640" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gsxs-21aw-cygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/9445?format=api", "vulnerability_id": "VCID-mfwc-dm4n-vbey", "summary": "Code injection\nThe PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.", "references": [ { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1414", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1414" }, { "reference_url": "https://access.redhat.com/errata/RHSA-2018:1415", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://access.redhat.com/errata/RHSA-2018:1415" }, { "reference_url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5158.json", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" } ], "url": "https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2018-5158.json" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5158", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.4138", "scoring_system": "epss", "scoring_elements": "0.97376", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.4138", "scoring_system": "epss", "scoring_elements": "0.97394", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.4138", "scoring_system": "epss", "scoring_elements": "0.97387", "published_at": "2026-04-07T12:55:00Z" }, { "value": "0.4138", "scoring_system": "epss", "scoring_elements": "0.97382", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97514", "published_at": "2026-05-09T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97522", "published_at": "2026-05-12T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97531", "published_at": "2026-05-14T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97507", "published_at": "2026-05-05T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97511", "published_at": "2026-05-07T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97516", "published_at": "2026-05-11T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97503", "published_at": "2026-04-29T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97499", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.975", "published_at": "2026-04-26T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97497", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97489", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97488", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97486", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.43031", "scoring_system": "epss", "scoring_elements": "0.97484", "published_at": "2026-04-09T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2018-5158" }, { "reference_url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://bugzilla.mozilla.org/show_bug.cgi?id=1452075" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5150" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5154" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5155" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5157" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5158" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5159" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5168" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5178" }, { "reference_url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183", "reference_id": "", "reference_type": "", "scores": [], "url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5183" }, { "reference_url": "https://github.com/mozilla/pdf.js", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mozilla/pdf.js" }, { "reference_url": "https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mozilla/pdf.js/commit/2dc4af525d1612c98afcd1e6bee57d4788f78f97" }, { "reference_url": "https://github.com/mozilla/pdf.js/pull/9659", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/mozilla/pdf.js/pull/9659" }, { "reference_url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5158", "reference_id": "", "reference_type": "", "scores": [ { "value": "6.8", "scoring_system": "cvssv2", "scoring_elements": "AV:N/AC:M/Au:N/C:P/I:P/A:P" }, { "value": "8.8", "scoring_system": "cvssv3", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-5158" }, { "reference_url": "https://security.gentoo.org/glsa/201810-01", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://security.gentoo.org/glsa/201810-01" }, { "reference_url": "https://usn.ubuntu.com/3645-1", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://usn.ubuntu.com/3645-1" }, { "reference_url": "https://www.debian.org/security/2018/dsa-4199", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.debian.org/security/2018/dsa-4199" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2018-11", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-11" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2018-11/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2018-11/" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2018-12", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/security/advisories/mfsa2018-12" }, { "reference_url": "https://www.mozilla.org/security/advisories/mfsa2018-12/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.mozilla.org/security/advisories/mfsa2018-12/" }, { "reference_url": "http://www.securityfocus.com/bid/104136", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securityfocus.com/bid/104136" }, { "reference_url": "http://www.securitytracker.com/id/1040896", "reference_id": "", "reference_type": "", "scores": [ { "value": "8.8", "scoring_system": "cvssv3.1", "scoring_elements": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" }, { "value": "HIGH", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://www.securitytracker.com/id/1040896" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576259", "reference_id": "1576259", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1576259" }, { "reference_url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482", "reference_id": "926482", "reference_type": "", "scores": [], "url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=926482" }, { "reference_url": "https://security.archlinux.org/ASA-201805-10", "reference_id": "ASA-201805-10", "reference_type": "", "scores": [], "url": "https://security.archlinux.org/ASA-201805-10" }, { "reference_url": "https://security.archlinux.org/AVG-693", "reference_id": "AVG-693", "reference_type": "", "scores": [ { "value": "Critical", "scoring_system": "archlinux", "scoring_elements": "" } ], "url": "https://security.archlinux.org/AVG-693" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:mozilla:firefox:*:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.10:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_id": "cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.5:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_eus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*" }, { "reference_url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_id": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*" }, { "reference_url": "https://github.com/advisories/GHSA-7jg2-jgv3-fmr4", "reference_id": "GHSA-7jg2-jgv3-fmr4", "reference_type": "", "scores": [ { "value": "HIGH", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-7jg2-jgv3-fmr4" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-11", "reference_id": "mfsa2018-11", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-11" }, { "reference_url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-12", "reference_id": "mfsa2018-12", "reference_type": "", "scores": [ { "value": "critical", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://www.mozilla.org/en-US/security/advisories/mfsa2018-12" }, { "reference_url": "https://usn.ubuntu.com/3645-1/", "reference_id": "USN-3645-1", "reference_type": "", "scores": [], "url": "https://usn.ubuntu.com/3645-1/" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/923273?format=api", "purl": "pkg:deb/debian/gitlab@11.8.6%2Bdfsg-1?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }, { "url": "http://public2.vulnerablecode.io/api/packages/923255?format=api", "purl": "pkg:deb/debian/gitlab@17.6.5-19?distro=sid", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@17.6.5-19%3Fdistro=sid" } ], "aliases": [ "CVE-2018-5158", "GHSA-7jg2-jgv3-fmr4" ], "risk_score": 4.5, "exploitability": "0.5", "weighted_severity": "9.0", "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mfwc-dm4n-vbey" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:deb/debian/gitlab@11.8.6%252Bdfsg-1%3Fdistro=sid" }