Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-r88h-mteg-yka9
Summary
Improper Control of Generation of Code ('Code Injection')
The Repositories component in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to conduct PHP object injection attacks and execute arbitrary code via serialized data associated with an add-on.
Aliases
0
alias CVE-2014-3541
1
alias GHSA-fccf-p8fx-vjj4
Fixed_packages
0
url pkg:composer/moodle/moodle@2.4.11
purl pkg:composer/moodle/moodle@2.4.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.11
1
url pkg:composer/moodle/moodle@2.5.7
purl pkg:composer/moodle/moodle@2.5.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.7
2
url pkg:composer/moodle/moodle@2.6.4
purl pkg:composer/moodle/moodle@2.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.4
3
url pkg:composer/moodle/moodle@2.7.1
purl pkg:composer/moodle/moodle@2.7.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.1
Affected_packages
0
url pkg:composer/moodle/moodle@2.5.0
purl pkg:composer/moodle/moodle@2.5.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.5.0
1
url pkg:composer/moodle/moodle@2.6.0
purl pkg:composer/moodle/moodle@2.6.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.0
2
url pkg:composer/moodle/moodle@2.7.0
purl pkg:composer/moodle/moodle@2.7.0
is_vulnerable true
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-45616
1
reference_url http://openwall.com/lists/oss-security/2014/07/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2014/07/21/1
2
reference_url https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/3fe105953d14766393e24372806fcf0a2b77c96d
3
reference_url https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/40d52d4067c2ee062a5b16c780753c6f97413894
4
reference_url https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/5c4ef26c39d3106315f74c26cdcca779ba74254c
5
reference_url https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/61961447c29d48e5a494e7c02e653d6ff00551b2
6
reference_url https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/68170f0b01ccaade799c4cab2312ce6a825fb844
7
reference_url https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/7bcf9b1e2cbdd1e877b828da75b17e3f8318fafc
8
reference_url https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/867f40990bde6152e01604d106ddac8433018f42
9
reference_url https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cb2b42aed8d9ce3c9840ad825f2e0e7e81bfad91
10
reference_url https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/e29bb97c0756de511ba287b40790d8275a991d33
11
reference_url https://moodle.org/mod/forum/discuss.php?d=264262
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=264262
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2014-3541
reference_id CVE-2014-3541
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2014-3541
13
reference_url https://github.com/advisories/GHSA-fccf-p8fx-vjj4
reference_id GHSA-fccf-p8fx-vjj4
reference_type
scores
url https://github.com/advisories/GHSA-fccf-p8fx-vjj4
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 78
name Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
description The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
3
cwe_id 94
name Improper Control of Generation of Code ('Code Injection')
description The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r88h-mteg-yka9