Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-jsza-gn5n-cfac
Summary
Moodle Open redirect risk in mobile auto-login feature
An open redirect issue was found in Moodle due to improper sanitization of user-supplied data in mobile auto-login feature. A remote attacker can create a link that leads to a trusted website, however, when clicked, it redirects the victims to arbitrary URL/domain. Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.
Aliases
0
alias CVE-2022-35652
1
alias GHSA-243v-5pff-qqfj
Fixed_packages
0
url pkg:composer/moodle/moodle@3.9.15
purl pkg:composer/moodle/moodle@3.9.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.15
1
url pkg:composer/moodle/moodle@3.11.8
purl pkg:composer/moodle/moodle@3.11.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.8
2
url pkg:composer/moodle/moodle@4.0.2
purl pkg:composer/moodle/moodle@4.0.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.2
Affected_packages
0
url pkg:composer/moodle/moodle@3.9.0
purl pkg:composer/moodle/moodle@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-1kfj-2zwf-vbfp
2
vulnerability VCID-233t-s5y8-4yg5
3
vulnerability VCID-2cdg-m3pq-ufe5
4
vulnerability VCID-2gtq-u4jg-4uck
5
vulnerability VCID-2jta-hqah-d7cf
6
vulnerability VCID-33ss-gb34-8ke5
7
vulnerability VCID-3cb4-wz6x-ckcd
8
vulnerability VCID-3uvf-6ztd-xkaf
9
vulnerability VCID-42fa-qbft-rfff
10
vulnerability VCID-49gk-ugfy-6bcd
11
vulnerability VCID-4m9g-bu1c-hbec
12
vulnerability VCID-56wj-4124-ryd2
13
vulnerability VCID-57wg-wxss-jbaw
14
vulnerability VCID-5rk8-v6bb-6ugh
15
vulnerability VCID-62fw-qwr5-eyc1
16
vulnerability VCID-6m19-4krm-2udd
17
vulnerability VCID-6rc8-bs9z-5bb2
18
vulnerability VCID-86jh-xn5g-kkgc
19
vulnerability VCID-8aat-cy8z-7qb2
20
vulnerability VCID-b994-r5mw-3fbg
21
vulnerability VCID-bbj9-hpz3-xqhh
22
vulnerability VCID-bhfv-dn14-ukfs
23
vulnerability VCID-bju3-sj3y-83e3
24
vulnerability VCID-c14d-1sa2-rkf6
25
vulnerability VCID-c1a1-z5m1-nfbc
26
vulnerability VCID-cp4k-uz4a-ukh6
27
vulnerability VCID-cs5n-4bst-zfcj
28
vulnerability VCID-dpd2-1sqc-qqfy
29
vulnerability VCID-efq2-s2df-pqa1
30
vulnerability VCID-f3b8-bfqu-8qbk
31
vulnerability VCID-fskk-cb95-uqer
32
vulnerability VCID-g9f7-787g-vyem
33
vulnerability VCID-gepg-y7ud-cuds
34
vulnerability VCID-gnez-ehgq-rfbr
35
vulnerability VCID-gt5j-wemg-17gx
36
vulnerability VCID-hk13-uc46-87h1
37
vulnerability VCID-hsk6-h5ky-g3cx
38
vulnerability VCID-j21p-heue-nqd9
39
vulnerability VCID-jcq6-btgz-fkf6
40
vulnerability VCID-jcsq-3q5z-4kc6
41
vulnerability VCID-jsza-gn5n-cfac
42
vulnerability VCID-kjd6-4drf-9ycm
43
vulnerability VCID-mhm4-8kuk-t7b6
44
vulnerability VCID-mkfz-e1ft-2bcw
45
vulnerability VCID-mqde-66zm-qbbj
46
vulnerability VCID-n7d3-j3jn-rqfc
47
vulnerability VCID-nna3-77cm-vbah
48
vulnerability VCID-nntc-dsz1-e3fp
49
vulnerability VCID-p3ge-1cqt-tufw
50
vulnerability VCID-pgfa-bkaw-q7cq
51
vulnerability VCID-q8s7-ksru-8ygs
52
vulnerability VCID-qfvz-hf8h-8bb3
53
vulnerability VCID-rqde-qn4c-pfd9
54
vulnerability VCID-s7pu-hgz5-zfbq
55
vulnerability VCID-sca8-zx4m-sub6
56
vulnerability VCID-t1vq-5b3t-tbfd
57
vulnerability VCID-taab-hupu-huf9
58
vulnerability VCID-u32t-89zc-v3gj
59
vulnerability VCID-ucyr-e6qr-5qe1
60
vulnerability VCID-utsj-g57g-cbeb
61
vulnerability VCID-vj1z-16nw-5khk
62
vulnerability VCID-xh4x-t7he-pufq
63
vulnerability VCID-yenj-fv96-pbd7
64
vulnerability VCID-z29a-xpcq-p7ct
65
vulnerability VCID-zf4q-a4cz-y7dh
66
vulnerability VCID-zwkk-zazw-6fgg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.0
1
url pkg:composer/moodle/moodle@3.11.0
purl pkg:composer/moodle/moodle@3.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-1kfj-2zwf-vbfp
2
vulnerability VCID-1wzm-dhqv-43bj
3
vulnerability VCID-233t-s5y8-4yg5
4
vulnerability VCID-24bp-c9yc-gua4
5
vulnerability VCID-2gtq-u4jg-4uck
6
vulnerability VCID-2trf-n9r4-ykgg
7
vulnerability VCID-2z6d-qf96-kyb4
8
vulnerability VCID-33ss-gb34-8ke5
9
vulnerability VCID-3ept-fdps-5fe5
10
vulnerability VCID-49gk-ugfy-6bcd
11
vulnerability VCID-4c9d-jf9g-u3gn
12
vulnerability VCID-4m9g-bu1c-hbec
13
vulnerability VCID-57wg-wxss-jbaw
14
vulnerability VCID-5bfe-hk7m-7bh6
15
vulnerability VCID-5q1e-b4e8-jbc8
16
vulnerability VCID-5rk8-v6bb-6ugh
17
vulnerability VCID-62fw-qwr5-eyc1
18
vulnerability VCID-6rc8-bs9z-5bb2
19
vulnerability VCID-7rqc-eepq-43ds
20
vulnerability VCID-7x6e-qege-ufdv
21
vulnerability VCID-86jh-xn5g-kkgc
22
vulnerability VCID-8d9n-ejbb-7fa1
23
vulnerability VCID-9uem-p6k3-nqdb
24
vulnerability VCID-b994-r5mw-3fbg
25
vulnerability VCID-bhfv-dn14-ukfs
26
vulnerability VCID-cbzx-gnhr-pfap
27
vulnerability VCID-cp4k-uz4a-ukh6
28
vulnerability VCID-d8gp-tuxy-3qdf
29
vulnerability VCID-dvrf-62nt-2kdp
30
vulnerability VCID-f3b8-bfqu-8qbk
31
vulnerability VCID-g9f7-787g-vyem
32
vulnerability VCID-gabv-ggbj-ckaj
33
vulnerability VCID-gepg-y7ud-cuds
34
vulnerability VCID-gr4h-n82f-zkg2
35
vulnerability VCID-gt5j-wemg-17gx
36
vulnerability VCID-hk13-uc46-87h1
37
vulnerability VCID-hsk6-h5ky-g3cx
38
vulnerability VCID-j21p-heue-nqd9
39
vulnerability VCID-jarn-rtuz-wucq
40
vulnerability VCID-jfsu-ya7r-h3e1
41
vulnerability VCID-jsza-gn5n-cfac
42
vulnerability VCID-kjd6-4drf-9ycm
43
vulnerability VCID-p3ge-1cqt-tufw
44
vulnerability VCID-q7va-hwg7-fbb4
45
vulnerability VCID-qfvz-hf8h-8bb3
46
vulnerability VCID-rqde-qn4c-pfd9
47
vulnerability VCID-s7pu-hgz5-zfbq
48
vulnerability VCID-sca8-zx4m-sub6
49
vulnerability VCID-t1vq-5b3t-tbfd
50
vulnerability VCID-taab-hupu-huf9
51
vulnerability VCID-u32t-89zc-v3gj
52
vulnerability VCID-ucyr-e6qr-5qe1
53
vulnerability VCID-utsj-g57g-cbeb
54
vulnerability VCID-vj1z-16nw-5khk
55
vulnerability VCID-wnaz-fnev-qqhd
56
vulnerability VCID-x1pc-1kuc-kug2
57
vulnerability VCID-xh4x-t7he-pufq
58
vulnerability VCID-yenj-fv96-pbd7
59
vulnerability VCID-yxag-fghx-47ej
60
vulnerability VCID-z29a-xpcq-p7ct
61
vulnerability VCID-zf4q-a4cz-y7dh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0
2
url pkg:composer/moodle/moodle@4.0.0
purl pkg:composer/moodle/moodle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wzm-dhqv-43bj
1
vulnerability VCID-24bp-c9yc-gua4
2
vulnerability VCID-2trf-n9r4-ykgg
3
vulnerability VCID-2z6d-qf96-kyb4
4
vulnerability VCID-33ss-gb34-8ke5
5
vulnerability VCID-3ept-fdps-5fe5
6
vulnerability VCID-49gk-ugfy-6bcd
7
vulnerability VCID-4c9d-jf9g-u3gn
8
vulnerability VCID-4m9g-bu1c-hbec
9
vulnerability VCID-4svp-grnb-2fh3
10
vulnerability VCID-5bfe-hk7m-7bh6
11
vulnerability VCID-5q1e-b4e8-jbc8
12
vulnerability VCID-5rk8-v6bb-6ugh
13
vulnerability VCID-62fw-qwr5-eyc1
14
vulnerability VCID-6rc8-bs9z-5bb2
15
vulnerability VCID-7rqc-eepq-43ds
16
vulnerability VCID-7x6e-qege-ufdv
17
vulnerability VCID-86jh-xn5g-kkgc
18
vulnerability VCID-8d9n-ejbb-7fa1
19
vulnerability VCID-b994-r5mw-3fbg
20
vulnerability VCID-cbzx-gnhr-pfap
21
vulnerability VCID-d8gp-tuxy-3qdf
22
vulnerability VCID-dvrf-62nt-2kdp
23
vulnerability VCID-f3b8-bfqu-8qbk
24
vulnerability VCID-gabv-ggbj-ckaj
25
vulnerability VCID-gepg-y7ud-cuds
26
vulnerability VCID-gt5j-wemg-17gx
27
vulnerability VCID-hsk6-h5ky-g3cx
28
vulnerability VCID-j21p-heue-nqd9
29
vulnerability VCID-jarn-rtuz-wucq
30
vulnerability VCID-jfsu-ya7r-h3e1
31
vulnerability VCID-jsza-gn5n-cfac
32
vulnerability VCID-kjd6-4drf-9ycm
33
vulnerability VCID-ngar-aydn-eye4
34
vulnerability VCID-q7va-hwg7-fbb4
35
vulnerability VCID-rqde-qn4c-pfd9
36
vulnerability VCID-s7pu-hgz5-zfbq
37
vulnerability VCID-sca8-zx4m-sub6
38
vulnerability VCID-sz1m-v8wf-nqgx
39
vulnerability VCID-t1vq-5b3t-tbfd
40
vulnerability VCID-ucyr-e6qr-5qe1
41
vulnerability VCID-utsj-g57g-cbeb
42
vulnerability VCID-vj1z-16nw-5khk
43
vulnerability VCID-x1pc-1kuc-kug2
44
vulnerability VCID-xh4x-t7he-pufq
45
vulnerability VCID-yenj-fv96-pbd7
46
vulnerability VCID-yxag-fghx-47ej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-72171
1
reference_url https://api.first.org/data/v1/epss?cve=CVE-2022-35652
reference_id
reference_type
scores
0
value 0.0038
scoring_system epss
scoring_elements 0.59788
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2022-35652
2
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2106276
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://bugzilla.redhat.com/show_bug.cgi?id=2106276
3
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://github.com/moodle/moodle
4
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3
5
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
6
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V
7
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
8
reference_url https://moodle.org/mod/forum/discuss.php?d=436459
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://moodle.org/mod/forum/discuss.php?d=436459
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-35652
reference_id
reference_type
scores
0
value 6.1
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2022-35652
10
reference_url https://github.com/advisories/GHSA-243v-5pff-qqfj
reference_id GHSA-243v-5pff-qqfj
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-243v-5pff-qqfj
Weaknesses
0
cwe_id 601
name URL Redirection to Untrusted Site ('Open Redirect')
description A web application accepts a user-controlled input that specifies a link to an external site, and uses that link in a Redirect. This simplifies phishing attacks.
1
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-jsza-gn5n-cfac