Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-p1hz-pafy-3ubc
SummaryGokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to version 2.2.3, the upload status SSE implementation on /uploadStatus publishes global upload state to any authenticated listener and includes file_id values that are not scoped to the requesting user. This issue has been patched in version 2.2.3.
Aliases
0
alias CVE-2026-28682
1
alias GHSA-c36c-7pc2-f2ph
Fixed_packages
Affected_packages
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2026-28682
reference_id
reference_type
scores
0
value 9e-05
scoring_system epss
scoring_elements 0.00955
published_at 2026-06-12T12:55:00Z
1
value 9e-05
scoring_system epss
scoring_elements 0.00965
published_at 2026-06-14T12:55:00Z
2
value 9e-05
scoring_system epss
scoring_elements 0.00957
published_at 2026-06-11T12:55:00Z
3
value 9e-05
scoring_system epss
scoring_elements 0.00962
published_at 2026-06-13T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2026-28682
1
reference_url https://github.com/Forceu/Gokapi
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/Forceu/Gokapi
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2026-28682
reference_id
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2026-28682
3
reference_url https://github.com/Forceu/Gokapi/security/advisories/GHSA-c36c-7pc2-f2ph
reference_id GHSA-c36c-7pc2-f2ph
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:50:35Z/
url https://github.com/Forceu/Gokapi/security/advisories/GHSA-c36c-7pc2-f2ph
4
reference_url https://github.com/Forceu/Gokapi/releases/tag/v2.2.3
reference_id v2.2.3
reference_type
scores
0
value 6.4
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
2
value Track
scoring_system ssvc
scoring_elements SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2026-03-06T15:50:35Z/
url https://github.com/Forceu/Gokapi/releases/tag/v2.2.3
Weaknesses
0
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
1
cwe_id 284
name Improper Access Control
description The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Exploits
Severity_range_score4.0 - 6.9
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-p1hz-pafy-3ubc