Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-c9kg-rsj3-b3bw
Summary
Exposure of Sensitive Information to an Unauthorized Actor
Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to "Enrolled users" under the Users Settings section.
Aliases
0
alias CVE-2012-2353
1
alias GHSA-mr97-gvvg-rhgh
Fixed_packages
0
url pkg:composer/moodle/moodle@2.1.6
purl pkg:composer/moodle/moodle@2.1.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.6
1
url pkg:composer/moodle/moodle@2.2.3
purl pkg:composer/moodle/moodle@2.2.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.3
Affected_packages
0
url pkg:composer/moodle/moodle@2.1.0
purl pkg:composer/moodle/moodle@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
1
vulnerability VCID-29gm-tfg6-xkey
2
vulnerability VCID-3tq1-jwd5-xqcr
3
vulnerability VCID-4cdk-8y5v-nba1
4
vulnerability VCID-6dwh-baur-9ydg
5
vulnerability VCID-9nee-rvyv-qfba
6
vulnerability VCID-a4uv-j23y-8bg1
7
vulnerability VCID-atb4-adjz-1uef
8
vulnerability VCID-c9kg-rsj3-b3bw
9
vulnerability VCID-dt8h-ktfk-2qec
10
vulnerability VCID-e2hb-w8g1-xbax
11
vulnerability VCID-et8t-f1u1-kudb
12
vulnerability VCID-jbvt-9yy2-afb4
13
vulnerability VCID-mh2f-ytz5-9fhg
14
vulnerability VCID-q6wx-c4w3-skh8
15
vulnerability VCID-qpm1-4xwk-sfb2
16
vulnerability VCID-ubt2-hvzj-1kbh
17
vulnerability VCID-yyug-rt71-yfds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.0
1
url pkg:composer/moodle/moodle@2.2.0
purl pkg:composer/moodle/moodle@2.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
1
vulnerability VCID-29gm-tfg6-xkey
2
vulnerability VCID-2vsp-tbwq-1qhf
3
vulnerability VCID-41up-e414-hyba
4
vulnerability VCID-4cdk-8y5v-nba1
5
vulnerability VCID-b2tv-8q9g-qqfz
6
vulnerability VCID-c9kg-rsj3-b3bw
7
vulnerability VCID-e2hb-w8g1-xbax
8
vulnerability VCID-et8t-f1u1-kudb
9
vulnerability VCID-jbvt-9yy2-afb4
10
vulnerability VCID-mh2f-ytz5-9fhg
11
vulnerability VCID-vgxb-fkuj-9fgk
12
vulnerability VCID-y15n-cf9z-dyc4
13
vulnerability VCID-yyug-rt71-yfds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923
1
reference_url http://openwall.com/lists/oss-security/2012/05/23/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2012/05/23/2
2
reference_url https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7
3
reference_url https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a
4
reference_url https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-2353
reference_id CVE-2012-2353
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-2353
6
reference_url https://github.com/advisories/GHSA-mr97-gvvg-rhgh
reference_id GHSA-mr97-gvvg-rhgh
reference_type
scores
url https://github.com/advisories/GHSA-mr97-gvvg-rhgh
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-c9kg-rsj3-b3bw