CVE-2021-22224
6.5
MEDIUM
CVSS 3.1
EPSS 0.37%
Description
A cross-site request forgery vulnerability in the GraphQL API in GitLab since version 13.12 and before versions 13.12.6 and 14.0.2 allowed an attacker to call mutations as the victim
How to fix CVE-2021-22224
To remediate CVE-2021-22224, upgrade the affected package to a fixed version below.
- Bitnami/gitlab—upgrade to 13.12.6 or later
Is CVE-2021-22224 being exploited?
Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- >= 13.12.0, < 13.12.6, >= 14.0.0, < 14.0.2
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N |