Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-164m-humk-1fe3
Summary
Exposure of Resource to Wrong Sphere
Insufficient capability checks made it possible to fetch other users' calendar action events.
Aliases
0
alias CVE-2021-43560
Fixed_packages
0
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
1
url pkg:composer/moodle/moodle@3.9.11
purl pkg:composer/moodle/moodle@3.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hk13-uc46-87h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11
2
url pkg:composer/moodle/moodle@3.10.8
purl pkg:composer/moodle/moodle@3.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8
3
url pkg:composer/moodle/moodle@3.11.4
purl pkg:composer/moodle/moodle@3.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4
Affected_packages
0
url pkg:composer/moodle/moodle@3.8.8
purl pkg:composer/moodle/moodle@3.8.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-p3ge-1cqt-tufw
2
vulnerability VCID-u32t-89zc-v3gj
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.8
1
url pkg:composer/moodle/moodle@3.9.0
purl pkg:composer/moodle/moodle@3.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-1kfj-2zwf-vbfp
2
vulnerability VCID-2cdg-m3pq-ufe5
3
vulnerability VCID-2jta-hqah-d7cf
4
vulnerability VCID-33ss-gb34-8ke5
5
vulnerability VCID-57wg-wxss-jbaw
6
vulnerability VCID-5rk8-v6bb-6ugh
7
vulnerability VCID-b994-r5mw-3fbg
8
vulnerability VCID-bju3-sj3y-83e3
9
vulnerability VCID-cs5n-4bst-zfcj
10
vulnerability VCID-efq2-s2df-pqa1
11
vulnerability VCID-gepg-y7ud-cuds
12
vulnerability VCID-hk13-uc46-87h1
13
vulnerability VCID-hsk6-h5ky-g3cx
14
vulnerability VCID-n7d3-j3jn-rqfc
15
vulnerability VCID-p3ge-1cqt-tufw
16
vulnerability VCID-qfvz-hf8h-8bb3
17
vulnerability VCID-s7pu-hgz5-zfbq
18
vulnerability VCID-taab-hupu-huf9
19
vulnerability VCID-u32t-89zc-v3gj
20
vulnerability VCID-utsj-g57g-cbeb
21
vulnerability VCID-zf4q-a4cz-y7dh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.0
2
url pkg:composer/moodle/moodle@3.10.0
purl pkg:composer/moodle/moodle@3.10.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-1kfj-2zwf-vbfp
2
vulnerability VCID-233t-s5y8-4yg5
3
vulnerability VCID-2cdg-m3pq-ufe5
4
vulnerability VCID-2jta-hqah-d7cf
5
vulnerability VCID-57wg-wxss-jbaw
6
vulnerability VCID-bju3-sj3y-83e3
7
vulnerability VCID-cs5n-4bst-zfcj
8
vulnerability VCID-efq2-s2df-pqa1
9
vulnerability VCID-hk13-uc46-87h1
10
vulnerability VCID-j1s3-fyue-2kfy
11
vulnerability VCID-n7d3-j3jn-rqfc
12
vulnerability VCID-p3ge-1cqt-tufw
13
vulnerability VCID-qfvz-hf8h-8bb3
14
vulnerability VCID-taab-hupu-huf9
15
vulnerability VCID-u32t-89zc-v3gj
16
vulnerability VCID-zf4q-a4cz-y7dh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.0
3
url pkg:composer/moodle/moodle@3.11.0
purl pkg:composer/moodle/moodle@3.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-1kfj-2zwf-vbfp
2
vulnerability VCID-1wzm-dhqv-43bj
3
vulnerability VCID-233t-s5y8-4yg5
4
vulnerability VCID-24bp-c9yc-gua4
5
vulnerability VCID-2trf-n9r4-ykgg
6
vulnerability VCID-2z6d-qf96-kyb4
7
vulnerability VCID-33ss-gb34-8ke5
8
vulnerability VCID-3ept-fdps-5fe5
9
vulnerability VCID-4c9d-jf9g-u3gn
10
vulnerability VCID-57wg-wxss-jbaw
11
vulnerability VCID-5bfe-hk7m-7bh6
12
vulnerability VCID-5q1e-b4e8-jbc8
13
vulnerability VCID-5rk8-v6bb-6ugh
14
vulnerability VCID-7rqc-eepq-43ds
15
vulnerability VCID-7x6e-qege-ufdv
16
vulnerability VCID-8d9n-ejbb-7fa1
17
vulnerability VCID-9uem-p6k3-nqdb
18
vulnerability VCID-b994-r5mw-3fbg
19
vulnerability VCID-cbzx-gnhr-pfap
20
vulnerability VCID-d8gp-tuxy-3qdf
21
vulnerability VCID-dvrf-62nt-2kdp
22
vulnerability VCID-gepg-y7ud-cuds
23
vulnerability VCID-gr4h-n82f-zkg2
24
vulnerability VCID-hk13-uc46-87h1
25
vulnerability VCID-hsk6-h5ky-g3cx
26
vulnerability VCID-jarn-rtuz-wucq
27
vulnerability VCID-jfsu-ya7r-h3e1
28
vulnerability VCID-p3ge-1cqt-tufw
29
vulnerability VCID-qfvz-hf8h-8bb3
30
vulnerability VCID-s7pu-hgz5-zfbq
31
vulnerability VCID-taab-hupu-huf9
32
vulnerability VCID-u32t-89zc-v3gj
33
vulnerability VCID-utsj-g57g-cbeb
34
vulnerability VCID-x1pc-1kuc-kug2
35
vulnerability VCID-yxag-fghx-47ej
36
vulnerability VCID-zf4q-a4cz-y7dh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0
References
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2021519
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2021519
1
reference_url https://moodle.org/mod/forum/discuss.php?d=429100
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=429100
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43560
reference_id CVE-2021-43560
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-43560
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 668
name Exposure of Resource to Wrong Sphere
description The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-164m-humk-1fe3