Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-1wzm-dhqv-43bj
Summary
Server-Side Request Forgery (SSRF)
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
Aliases
0
alias CVE-2023-35133
Fixed_packages
0
url pkg:composer/moodle/moodle@3.9.22
purl pkg:composer/moodle/moodle@3.9.22
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.22
1
url pkg:composer/moodle/moodle@3.11.15
purl pkg:composer/moodle/moodle@3.11.15
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.15
2
url pkg:composer/moodle/moodle@4.0.9
purl pkg:composer/moodle/moodle@4.0.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.9
3
url pkg:composer/moodle/moodle@4.1.4
purl pkg:composer/moodle/moodle@4.1.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4
4
url pkg:composer/moodle/moodle@4.2.1
purl pkg:composer/moodle/moodle@4.2.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1
Affected_packages
0
url pkg:composer/moodle/moodle@3.11.0
purl pkg:composer/moodle/moodle@3.11.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-164m-humk-1fe3
1
vulnerability VCID-1kfj-2zwf-vbfp
2
vulnerability VCID-1wzm-dhqv-43bj
3
vulnerability VCID-233t-s5y8-4yg5
4
vulnerability VCID-24bp-c9yc-gua4
5
vulnerability VCID-2trf-n9r4-ykgg
6
vulnerability VCID-2z6d-qf96-kyb4
7
vulnerability VCID-33ss-gb34-8ke5
8
vulnerability VCID-3ept-fdps-5fe5
9
vulnerability VCID-4c9d-jf9g-u3gn
10
vulnerability VCID-57wg-wxss-jbaw
11
vulnerability VCID-5bfe-hk7m-7bh6
12
vulnerability VCID-5q1e-b4e8-jbc8
13
vulnerability VCID-5rk8-v6bb-6ugh
14
vulnerability VCID-7rqc-eepq-43ds
15
vulnerability VCID-7x6e-qege-ufdv
16
vulnerability VCID-8d9n-ejbb-7fa1
17
vulnerability VCID-9uem-p6k3-nqdb
18
vulnerability VCID-b994-r5mw-3fbg
19
vulnerability VCID-cbzx-gnhr-pfap
20
vulnerability VCID-d8gp-tuxy-3qdf
21
vulnerability VCID-dvrf-62nt-2kdp
22
vulnerability VCID-gepg-y7ud-cuds
23
vulnerability VCID-gr4h-n82f-zkg2
24
vulnerability VCID-hk13-uc46-87h1
25
vulnerability VCID-hsk6-h5ky-g3cx
26
vulnerability VCID-jarn-rtuz-wucq
27
vulnerability VCID-jfsu-ya7r-h3e1
28
vulnerability VCID-p3ge-1cqt-tufw
29
vulnerability VCID-qfvz-hf8h-8bb3
30
vulnerability VCID-s7pu-hgz5-zfbq
31
vulnerability VCID-taab-hupu-huf9
32
vulnerability VCID-u32t-89zc-v3gj
33
vulnerability VCID-utsj-g57g-cbeb
34
vulnerability VCID-x1pc-1kuc-kug2
35
vulnerability VCID-yxag-fghx-47ej
36
vulnerability VCID-zf4q-a4cz-y7dh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0
1
url pkg:composer/moodle/moodle@4.0.0
purl pkg:composer/moodle/moodle@4.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wzm-dhqv-43bj
1
vulnerability VCID-24bp-c9yc-gua4
2
vulnerability VCID-2trf-n9r4-ykgg
3
vulnerability VCID-2z6d-qf96-kyb4
4
vulnerability VCID-33ss-gb34-8ke5
5
vulnerability VCID-3ept-fdps-5fe5
6
vulnerability VCID-4c9d-jf9g-u3gn
7
vulnerability VCID-4svp-grnb-2fh3
8
vulnerability VCID-5bfe-hk7m-7bh6
9
vulnerability VCID-5q1e-b4e8-jbc8
10
vulnerability VCID-5rk8-v6bb-6ugh
11
vulnerability VCID-7rqc-eepq-43ds
12
vulnerability VCID-7x6e-qege-ufdv
13
vulnerability VCID-8d9n-ejbb-7fa1
14
vulnerability VCID-b994-r5mw-3fbg
15
vulnerability VCID-cbzx-gnhr-pfap
16
vulnerability VCID-d8gp-tuxy-3qdf
17
vulnerability VCID-dvrf-62nt-2kdp
18
vulnerability VCID-gepg-y7ud-cuds
19
vulnerability VCID-hsk6-h5ky-g3cx
20
vulnerability VCID-jarn-rtuz-wucq
21
vulnerability VCID-jfsu-ya7r-h3e1
22
vulnerability VCID-ngar-aydn-eye4
23
vulnerability VCID-s7pu-hgz5-zfbq
24
vulnerability VCID-sz1m-v8wf-nqgx
25
vulnerability VCID-utsj-g57g-cbeb
26
vulnerability VCID-x1pc-1kuc-kug2
27
vulnerability VCID-yxag-fghx-47ej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0
2
url pkg:composer/moodle/moodle@4.1.0
purl pkg:composer/moodle/moodle@4.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wzm-dhqv-43bj
1
vulnerability VCID-24bp-c9yc-gua4
2
vulnerability VCID-2z6d-qf96-kyb4
3
vulnerability VCID-33ss-gb34-8ke5
4
vulnerability VCID-3ept-fdps-5fe5
5
vulnerability VCID-4c9d-jf9g-u3gn
6
vulnerability VCID-4svp-grnb-2fh3
7
vulnerability VCID-5bfe-hk7m-7bh6
8
vulnerability VCID-5q1e-b4e8-jbc8
9
vulnerability VCID-5rk8-v6bb-6ugh
10
vulnerability VCID-7rqc-eepq-43ds
11
vulnerability VCID-7x6e-qege-ufdv
12
vulnerability VCID-8d9n-ejbb-7fa1
13
vulnerability VCID-b994-r5mw-3fbg
14
vulnerability VCID-cbzx-gnhr-pfap
15
vulnerability VCID-d8gp-tuxy-3qdf
16
vulnerability VCID-dvrf-62nt-2kdp
17
vulnerability VCID-gepg-y7ud-cuds
18
vulnerability VCID-hsk6-h5ky-g3cx
19
vulnerability VCID-jarn-rtuz-wucq
20
vulnerability VCID-jfsu-ya7r-h3e1
21
vulnerability VCID-ngar-aydn-eye4
22
vulnerability VCID-qan2-5dd9-myhg
23
vulnerability VCID-s4j2-ppgk-sfh9
24
vulnerability VCID-s7pu-hgz5-zfbq
25
vulnerability VCID-sz1m-v8wf-nqgx
26
vulnerability VCID-utsj-g57g-cbeb
27
vulnerability VCID-x1pc-1kuc-kug2
28
vulnerability VCID-yxag-fghx-47ej
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0
3
url pkg:composer/moodle/moodle@4.2.0
purl pkg:composer/moodle/moodle@4.2.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1wzm-dhqv-43bj
1
vulnerability VCID-24bp-c9yc-gua4
2
vulnerability VCID-4c9d-jf9g-u3gn
3
vulnerability VCID-4svp-grnb-2fh3
4
vulnerability VCID-6726-ca8y-4uez
5
vulnerability VCID-7rqc-eepq-43ds
6
vulnerability VCID-7x6e-qege-ufdv
7
vulnerability VCID-8d9n-ejbb-7fa1
8
vulnerability VCID-d8gp-tuxy-3qdf
9
vulnerability VCID-gycn-bey2-4yam
10
vulnerability VCID-hsk6-h5ky-g3cx
11
vulnerability VCID-jarn-rtuz-wucq
12
vulnerability VCID-jfsu-ya7r-h3e1
13
vulnerability VCID-mhh7-n7ut-hkh6
14
vulnerability VCID-ngar-aydn-eye4
15
vulnerability VCID-qabh-bpmn-1ye5
16
vulnerability VCID-r1ug-e8x6-83gt
17
vulnerability VCID-s7pu-hgz5-zfbq
18
vulnerability VCID-team-9wba-yufc
19
vulnerability VCID-utsj-g57g-cbeb
20
vulnerability VCID-x1pc-1kuc-kug2
21
vulnerability VCID-yc6t-am1p-x3ev
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0
References
0
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
1
reference_url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
reference_id
reference_type
scores
url https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
2
reference_url https://moodle.org/mod/forum/discuss.php?d=447831
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=447831
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2023-35133
reference_id CVE-2023-35133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2023-35133
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 918
name Server-Side Request Forgery (SSRF)
description The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_score null
Exploitability null
Weighted_severity null
Risk_score null
Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1wzm-dhqv-43bj