Lookup for vulnerable packages by Package URL.

Purl pkg:pypi/moin@1.9.6
Type pypi
Namespace
Name moin
Version 1.9.6
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 1.9.11
Latest_non_vulnerable_version 1.9.11
Affected_by_vulnerabilities
0
url VCID-1kv8-4wn6-yydy
vulnerability_id VCID-1kv8-4wn6-yydy
summary MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation or crafted URL" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=fckdialog&dialog=attachment (via page name) component.
references
0
reference_url https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
reference_id
reference_type
scores
url https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
1
reference_url http://www.debian.org/security/2016/dsa-3715
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3715
2
reference_url http://www.securityfocus.com/bid/94259
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94259
3
reference_url http://www.ubuntu.com/usn/USN-3137-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3137-1
fixed_packages
0
url pkg:pypi/moin@1.9.9
purl pkg:pypi/moin@1.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yaq-3m4p-q3bu
1
vulnerability VCID-4fn8-ab2r-23dk
2
vulnerability VCID-kjqq-u9hy-5yda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9
aliases CVE-2016-7146, PYSEC-2016-30
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1kv8-4wn6-yydy
1
url VCID-2yaq-3m4p-q3bu
vulnerability_id VCID-2yaq-3m4p-q3bu
summary MoinMoin is a wiki engine. In MoinMoin before version 1.9.11, an attacker with write permissions can upload an SVG file that contains malicious javascript. This javascript will be executed in a user's browser when the user is viewing that SVG file on the wiki. Users are strongly advised to upgrade to a patched version. MoinMoin Wiki 1.9.11 has the necessary fixes and also contains other important fixes.
references
0
reference_url https://advisory.checkmarx.net/advisory/CX-2020-4285
reference_id
reference_type
scores
url https://advisory.checkmarx.net/advisory/CX-2020-4285
1
reference_url https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2
reference_id
reference_type
scores
url https://github.com/moinwiki/moin-1.9/commit/31de9139d0aabc171e94032168399b4a0b2a88a2
2
reference_url https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11
reference_id
reference_type
scores
url https://github.com/moinwiki/moin-1.9/releases/tag/1.9.11
3
reference_url https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
reference_id
reference_type
scores
url https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-4q96-6xhq-ff43
fixed_packages
0
url pkg:pypi/moin@1.9.11
purl pkg:pypi/moin@1.9.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11
aliases CVE-2020-15275, GHSA-4q96-6xhq-ff43, PYSEC-2020-241
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2yaq-3m4p-q3bu
2
url VCID-4fn8-ab2r-23dk
vulnerability_id VCID-4fn8-ab2r-23dk
summary Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.10 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html
reference_id
reference_type
scores
url http://lists.opensuse.org/opensuse-security-announce/2018-10/msg00024.html
1
reference_url http://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url http://moinmo.in/SecurityFixes
2
reference_url https://github.com/advisories/GHSA-42fp-4hm3-j8r7
reference_id
reference_type
scores
url https://github.com/advisories/GHSA-42fp-4hm3-j8r7
3
reference_url https://github.com/moinwiki/moin-1.9
reference_id
reference_type
scores
url https://github.com/moinwiki/moin-1.9
4
reference_url https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
reference_id
reference_type
scores
url https://github.com/moinwiki/moin-1.9/commit/70955a8eae091cc88fd9a6e510177e70289ec024
5
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2018-47.yaml
6
reference_url https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2018/10/msg00007.html
7
reference_url https://usn.ubuntu.com/3794-1
reference_id
reference_type
scores
url https://usn.ubuntu.com/3794-1
8
reference_url https://usn.ubuntu.com/3794-1/
reference_id
reference_type
scores
url https://usn.ubuntu.com/3794-1/
9
reference_url https://www.debian.org/security/2018/dsa-4318
reference_id
reference_type
scores
url https://www.debian.org/security/2018/dsa-4318
10
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-5934
reference_id CVE-2017-5934
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-5934
fixed_packages
0
url pkg:pypi/moin@1.9.10
purl pkg:pypi/moin@1.9.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yaq-3m4p-q3bu
1
vulnerability VCID-kjqq-u9hy-5yda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.10
aliases CVE-2017-5934, GHSA-42fp-4hm3-j8r7, PYSEC-2018-47
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4fn8-ab2r-23dk
3
url VCID-5hn2-1bvq-jfdh
vulnerability_id VCID-5hn2-1bvq-jfdh
summary MoinMoin 1.9.8 allows remote attackers to conduct "JavaScript injection" attacks by using the "page creation" approach, related to a "Cross Site Scripting (XSS)" issue affecting the action=AttachFile (via page name) component.
references
0
reference_url https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
reference_id
reference_type
scores
url https://www.curesec.com/blog/article/blog/MoinMoin-198-XSS-175.html
1
reference_url http://www.debian.org/security/2016/dsa-3715
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3715
2
reference_url http://www.securityfocus.com/bid/94259
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94259
3
reference_url http://www.ubuntu.com/usn/USN-3137-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3137-1
fixed_packages
0
url pkg:pypi/moin@1.9.9
purl pkg:pypi/moin@1.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2yaq-3m4p-q3bu
1
vulnerability VCID-4fn8-ab2r-23dk
2
vulnerability VCID-kjqq-u9hy-5yda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.9
aliases CVE-2016-7148, PYSEC-2016-31
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hn2-1bvq-jfdh
4
url VCID-kjqq-u9hy-5yda
vulnerability_id VCID-kjqq-u9hy-5yda
summary The cache action in action/cache.py in MoinMoin through 1.9.10 allows directory traversal through a crafted HTTP request. An attacker who can upload attachments to the wiki can use this to achieve remote code execution.
references
0
reference_url http://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url http://moinmo.in/SecurityFixes
1
reference_url https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
reference_id
reference_type
scores
url https://github.com/moinwiki/moin-1.9/security/advisories/GHSA-52q8-877j-gghq
2
reference_url https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html
reference_id
reference_type
scores
url https://lists.debian.org/debian-lts-announce/2020/11/msg00020.html
3
reference_url https://www.debian.org/security/2020/dsa-4787
reference_id
reference_type
scores
url https://www.debian.org/security/2020/dsa-4787
fixed_packages
0
url pkg:pypi/moin@1.9.11
purl pkg:pypi/moin@1.9.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.11
aliases CVE-2020-25074, GHSA-52q8-877j-gghq, PYSEC-2020-67
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kjqq-u9hy-5yda
5
url VCID-tkp3-e758-suhx
vulnerability_id VCID-tkp3-e758-suhx
summary Cross-site scripting (XSS) vulnerability in the link dialogue in GUI editor in MoinMoin before 1.9.8 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
references
0
reference_url https://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url https://moinmo.in/SecurityFixes
1
reference_url http://www.debian.org/security/2016/dsa-3715
reference_id
reference_type
scores
url http://www.debian.org/security/2016/dsa-3715
2
reference_url http://www.securityfocus.com/bid/94501
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/94501
3
reference_url http://www.ubuntu.com/usn/USN-3137-1
reference_id
reference_type
scores
url http://www.ubuntu.com/usn/USN-3137-1
fixed_packages
0
url pkg:pypi/moin@1.9.8
purl pkg:pypi/moin@1.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kv8-4wn6-yydy
1
vulnerability VCID-2yaq-3m4p-q3bu
2
vulnerability VCID-4fn8-ab2r-23dk
3
vulnerability VCID-5hn2-1bvq-jfdh
4
vulnerability VCID-kjqq-u9hy-5yda
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.8
aliases CVE-2016-9119, PYSEC-2017-20
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tkp3-e758-suhx
Fixing_vulnerabilities
0
url VCID-1fak-dar5-tuet
vulnerability_id VCID-1fak-dar5-tuet
summary Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors. NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.
references
0
reference_url http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
reference_id
reference_type
scores
url http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
1
reference_url http://moinmo.in/MoinMoinRelease1.9
reference_id
reference_type
scores
url http://moinmo.in/MoinMoinRelease1.9
2
reference_url http://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url http://moinmo.in/SecurityFixes
3
reference_url https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
reference_id
reference_type
scores
url https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
4
reference_url http://secunia.com/advisories/51696
reference_id
reference_type
scores
url http://secunia.com/advisories/51696
5
reference_url http://ubuntu.com/usn/usn-1680-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-1680-1
6
reference_url http://www.debian.org/security/2012/dsa-2593
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2593
7
reference_url http://www.openwall.com/lists/oss-security/2012/12/29/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/29/6
8
reference_url http://www.openwall.com/lists/oss-security/2012/12/30/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/30/4
fixed_packages
0
url pkg:pypi/moin@1.9.6
purl pkg:pypi/moin@1.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kv8-4wn6-yydy
1
vulnerability VCID-2yaq-3m4p-q3bu
2
vulnerability VCID-4fn8-ab2r-23dk
3
vulnerability VCID-5hn2-1bvq-jfdh
4
vulnerability VCID-kjqq-u9hy-5yda
5
vulnerability VCID-tkp3-e758-suhx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6
aliases CVE-2012-6495, PYSEC-2013-7
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1fak-dar5-tuet
1
url VCID-3z75-azrr-2qac
vulnerability_id VCID-3z75-azrr-2qac
summary Cross-site scripting (XSS) vulnerability in the rsslink function in theme/__init__.py in MoinMoin 1.9.5 allows remote attackers to inject arbitrary web script or HTML via the page name in a rss link.
references
0
reference_url http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
reference_id
reference_type
scores
url http://hg.moinmo.in/moin/1.9/rev/c98ec456e493
1
reference_url http://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url http://moinmo.in/SecurityFixes
2
reference_url http://secunia.com/advisories/51663
reference_id
reference_type
scores
url http://secunia.com/advisories/51663
3
reference_url http://www.openwall.com/lists/oss-security/2012/12/29/7
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/29/7
4
reference_url http://www.openwall.com/lists/oss-security/2012/12/30/5
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/30/5
5
reference_url http://www.securityfocus.com/bid/57089
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57089
fixed_packages
0
url pkg:pypi/moin@1.9.6
purl pkg:pypi/moin@1.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kv8-4wn6-yydy
1
vulnerability VCID-2yaq-3m4p-q3bu
2
vulnerability VCID-4fn8-ab2r-23dk
3
vulnerability VCID-5hn2-1bvq-jfdh
4
vulnerability VCID-kjqq-u9hy-5yda
5
vulnerability VCID-tkp3-e758-suhx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6
aliases CVE-2012-6082, PYSEC-2013-23
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-3z75-azrr-2qac
2
url VCID-4q2t-yhg6-k3dg
vulnerability_id VCID-4q2t-yhg6-k3dg
summary Multiple unrestricted file upload vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in an unspecified directory, as exploited in the wild in July 2012.
references
0
reference_url http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
reference_id
reference_type
scores
url http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
1
reference_url http://moinmo.in/MoinMoinRelease1.9
reference_id
reference_type
scores
url http://moinmo.in/MoinMoinRelease1.9
2
reference_url http://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url http://moinmo.in/SecurityFixes
3
reference_url https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
reference_id
reference_type
scores
url https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
4
reference_url http://secunia.com/advisories/51663
reference_id
reference_type
scores
url http://secunia.com/advisories/51663
5
reference_url http://secunia.com/advisories/51676
reference_id
reference_type
scores
url http://secunia.com/advisories/51676
6
reference_url http://secunia.com/advisories/51696
reference_id
reference_type
scores
url http://secunia.com/advisories/51696
7
reference_url https://github.com/moinwiki/moin
reference_id
reference_type
scores
url https://github.com/moinwiki/moin
8
reference_url https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2013-6.yaml
reference_id
reference_type
scores
url https://github.com/pypa/advisory-database/tree/main/vulns/moin/PYSEC-2013-6.yaml
9
reference_url https://web.archive.org/web/20200228165146/http://www.securityfocus.com/bid/57082
reference_id
reference_type
scores
url https://web.archive.org/web/20200228165146/http://www.securityfocus.com/bid/57082
10
reference_url http://ubuntu.com/usn/usn-1680-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-1680-1
11
reference_url http://www.debian.org/security/2012/dsa-2593
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2593
12
reference_url http://www.exploit-db.com/exploits/25304
reference_id
reference_type
scores
url http://www.exploit-db.com/exploits/25304
13
reference_url http://www.openwall.com/lists/oss-security/2012/12/29/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/29/6
14
reference_url http://www.openwall.com/lists/oss-security/2012/12/30/4
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/30/4
15
reference_url http://www.securityfocus.com/bid/57082
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57082
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6081
reference_id CVE-2012-6081
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6081
17
reference_url https://github.com/advisories/GHSA-m2c4-jgmm-fvq3
reference_id GHSA-m2c4-jgmm-fvq3
reference_type
scores
url https://github.com/advisories/GHSA-m2c4-jgmm-fvq3
fixed_packages
0
url pkg:pypi/moin@1.9.6
purl pkg:pypi/moin@1.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kv8-4wn6-yydy
1
vulnerability VCID-2yaq-3m4p-q3bu
2
vulnerability VCID-4fn8-ab2r-23dk
3
vulnerability VCID-5hn2-1bvq-jfdh
4
vulnerability VCID-kjqq-u9hy-5yda
5
vulnerability VCID-tkp3-e758-suhx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6
aliases CVE-2012-6081, GHSA-m2c4-jgmm-fvq3, PYSEC-2013-6
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4q2t-yhg6-k3dg
3
url VCID-h1wf-35g5-5ucz
vulnerability_id VCID-h1wf-35g5-5ucz
summary Directory traversal vulnerability in the _do_attachment_move function in the AttachFile action (action/AttachFile.py) in MoinMoin 1.9.3 through 1.9.5 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a file name.
references
0
reference_url http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
reference_id
reference_type
scores
url http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
1
reference_url http://moinmo.in/SecurityFixes
reference_id
reference_type
scores
url http://moinmo.in/SecurityFixes
2
reference_url https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
reference_id
reference_type
scores
url https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
3
reference_url http://secunia.com/advisories/51663
reference_id
reference_type
scores
url http://secunia.com/advisories/51663
4
reference_url http://secunia.com/advisories/51676
reference_id
reference_type
scores
url http://secunia.com/advisories/51676
5
reference_url http://secunia.com/advisories/51696
reference_id
reference_type
scores
url http://secunia.com/advisories/51696
6
reference_url http://ubuntu.com/usn/usn-1680-1
reference_id
reference_type
scores
url http://ubuntu.com/usn/usn-1680-1
7
reference_url http://www.debian.org/security/2012/dsa-2593
reference_id
reference_type
scores
url http://www.debian.org/security/2012/dsa-2593
8
reference_url http://www.openwall.com/lists/oss-security/2012/12/30/6
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2012/12/30/6
9
reference_url http://www.securityfocus.com/bid/57076
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/57076
fixed_packages
0
url pkg:pypi/moin@1.9.6
purl pkg:pypi/moin@1.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1kv8-4wn6-yydy
1
vulnerability VCID-2yaq-3m4p-q3bu
2
vulnerability VCID-4fn8-ab2r-23dk
3
vulnerability VCID-5hn2-1bvq-jfdh
4
vulnerability VCID-kjqq-u9hy-5yda
5
vulnerability VCID-tkp3-e758-suhx
resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6
aliases CVE-2012-6080, PYSEC-2013-5
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h1wf-35g5-5ucz
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:pypi/moin@1.9.6