Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/43634?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43634?format=api", "vulnerability_id": "VCID-x2qp-yggf-z7h7", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nCross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.", "aliases": [ { "alias": "CVE-2015-5335" }, { "alias": "GHSA-hpmv-wvq3-gj27" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52561?format=api", "purl": "pkg:composer/moodle/moodle@2.7.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/52551?format=api", "purl": "pkg:composer/moodle/moodle@2.8.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/52553?format=api", "purl": "pkg:composer/moodle/moodle@2.9.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52550?format=api", "purl": "pkg:composer/moodle/moodle@2.8.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1z6j-fs6f-eua1" }, { "vulnerability": "VCID-2y3m-yuaj-vkf2" }, { "vulnerability": "VCID-37j1-ym2f-1fbc" }, { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-46jw-xjbu-b3f1" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-5hx1-9xbg-g3fn" }, { "vulnerability": "VCID-5nfq-4syg-87da" }, { "vulnerability": "VCID-5vx4-qtb2-fqe9" }, { "vulnerability": "VCID-62yh-cpfr-9bb1" }, { "vulnerability": "VCID-65y9-9ur2-pugc" }, { "vulnerability": "VCID-7rut-8dau-e3cp" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-95mq-m2jz-a3ab" }, { "vulnerability": "VCID-9z66-z9af-17f7" }, { "vulnerability": "VCID-a34q-gbqw-1bbr" }, { "vulnerability": "VCID-a3pu-x51u-1udr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-aqc8-tmeg-9fdd" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-d3yp-gq4c-vyf8" }, { "vulnerability": "VCID-dnya-ef8u-6bg1" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-emu7-jhv2-zqb8" }, { "vulnerability": "VCID-evke-m8nn-6ua3" }, { "vulnerability": "VCID-fpuj-f6nx-n7a9" }, { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-g4hn-yz26-1beb" }, { "vulnerability": "VCID-gvan-87dt-b7fp" }, { "vulnerability": "VCID-hbky-xx53-vkct" }, { "vulnerability": "VCID-j11s-2mhg-pfdn" }, { "vulnerability": "VCID-jc19-ee46-4uh3" }, { "vulnerability": "VCID-jcnw-cwmz-w7cz" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-m6zk-p84r-vbh5" }, { "vulnerability": "VCID-n9uc-b76m-8fbs" }, { "vulnerability": "VCID-nfdb-m7rg-47ca" }, { "vulnerability": "VCID-qtt4-455b-abb6" }, { "vulnerability": "VCID-r3f7-9paf-83ht" }, { "vulnerability": "VCID-rscq-xx52-2ua8" }, { "vulnerability": "VCID-ryws-mr9v-7yfp" }, { "vulnerability": "VCID-s3bw-w61k-eqhy" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" }, { "vulnerability": "VCID-sa6m-ecv7-x3ew" }, { "vulnerability": "VCID-t214-wxz7-a3df" }, { "vulnerability": "VCID-tmwc-f872-mufw" }, { "vulnerability": "VCID-trvp-xzf5-pff8" }, { "vulnerability": "VCID-ujja-hfkh-wkez" }, { "vulnerability": "VCID-uptz-tj66-7yfk" }, { "vulnerability": "VCID-v54t-5thx-1beu" }, { "vulnerability": "VCID-v6ha-ekxw-7bfr" }, { "vulnerability": "VCID-vb67-yux5-ayhf" }, { "vulnerability": "VCID-wavt-rrws-3yhs" }, { "vulnerability": "VCID-wg45-hemm-97am" }, { "vulnerability": "VCID-x2qp-yggf-z7h7" }, { "vulnerability": "VCID-xmm4-zw49-3feh" }, { "vulnerability": "VCID-xy2y-yxfu-xfgm" }, { "vulnerability": "VCID-y2vh-7r7h-9ugu" }, { "vulnerability": "VCID-ym1r-ackg-4kc3" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/52552?format=api", "purl": "pkg:composer/moodle/moodle@2.9.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1z6j-fs6f-eua1" }, { "vulnerability": "VCID-37j1-ym2f-1fbc" }, { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-3kq3-v2u1-fyhz" }, { "vulnerability": "VCID-421n-34cp-cka8" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-4kq5-ctsv-eka8" }, { "vulnerability": "VCID-5hx1-9xbg-g3fn" }, { "vulnerability": "VCID-65y9-9ur2-pugc" }, { "vulnerability": "VCID-7rut-8dau-e3cp" }, { "vulnerability": "VCID-8cc1-hbzm-87bx" }, { "vulnerability": "VCID-a34q-gbqw-1bbr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-dnya-ef8u-6bg1" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-emu7-jhv2-zqb8" }, { "vulnerability": "VCID-evke-m8nn-6ua3" }, { "vulnerability": "VCID-fpuj-f6nx-n7a9" }, { "vulnerability": "VCID-fsex-f512-pudv" }, { "vulnerability": "VCID-jc19-ee46-4uh3" }, { "vulnerability": "VCID-jcnw-cwmz-w7cz" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-kgvw-uxf4-wbc1" }, { "vulnerability": "VCID-m6zk-p84r-vbh5" }, { "vulnerability": "VCID-qtt4-455b-abb6" }, { "vulnerability": "VCID-ryws-mr9v-7yfp" }, { "vulnerability": "VCID-s3ue-e5h8-f3dy" }, { "vulnerability": "VCID-sa6m-ecv7-x3ew" }, { "vulnerability": "VCID-t214-wxz7-a3df" }, { "vulnerability": "VCID-trvp-xzf5-pff8" }, { "vulnerability": "VCID-ujja-hfkh-wkez" }, { "vulnerability": "VCID-v54t-5thx-1beu" }, { "vulnerability": "VCID-v6ha-ekxw-7bfr" }, { "vulnerability": "VCID-vb67-yux5-ayhf" }, { "vulnerability": "VCID-wg45-hemm-97am" }, { "vulnerability": "VCID-x2qp-yggf-z7h7" }, { "vulnerability": "VCID-xmm4-zw49-3feh" }, { "vulnerability": "VCID-xy2y-yxfu-xfgm" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0" } ], "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091" }, { "reference_url": "https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea" }, { "reference_url": "https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94" }, { "reference_url": "https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443" }, { "reference_url": "https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=323230", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=323230" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5335", "reference_id": "CVE-2015-5335", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-5335" }, { "reference_url": "https://github.com/advisories/GHSA-hpmv-wvq3-gj27", "reference_id": "GHSA-hpmv-wvq3-gj27", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hpmv-wvq3-gj27" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 200, "name": "Exposure of Sensitive Information to an Unauthorized Actor", "description": "The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information." }, { "cwe_id": 352, "name": "Cross-Site Request Forgery (CSRF)", "description": "The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x2qp-yggf-z7h7" }