Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-vb67-yux5-ayhf

Summary

Weak Password Recovery Mechanism for Forgotten Password
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.

Aliases

alias	CVE-2016-7038

Fixed_packages

url pkg:composer/moodle/moodle@2.7.16

purl pkg:composer/moodle/moodle@2.7.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.16

url pkg:composer/moodle/moodle@2.9.8

purl pkg:composer/moodle/moodle@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8

url pkg:composer/moodle/moodle@3.0.6

purl pkg:composer/moodle/moodle@3.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6

url pkg:composer/moodle/moodle@3.1.2

purl pkg:composer/moodle/moodle@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2

Affected_packages

url pkg:composer/moodle/moodle@2.7.15

purl pkg:composer/moodle/moodle@2.7.15

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vb67-yux5-ayhf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.15

url pkg:composer/moodle/moodle@2.8.0

purl pkg:composer/moodle/moodle@2.8.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-2y3m-yuaj-vkf2

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-46jw-xjbu-b3f1

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-5nfq-4syg-87da

vulnerability	VCID-5vx4-qtb2-fqe9

vulnerability	VCID-62yh-cpfr-9bb1

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-95mq-m2jz-a3ab

vulnerability	VCID-9z66-z9af-17f7

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-a3pu-x51u-1udr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-aqc8-tmeg-9fdd

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-d3yp-gq4c-vyf8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-g4hn-yz26-1beb

vulnerability	VCID-gvan-87dt-b7fp

vulnerability	VCID-hbky-xx53-vkct

vulnerability	VCID-j11s-2mhg-pfdn

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-n9uc-b76m-8fbs

vulnerability	VCID-nfdb-m7rg-47ca

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-r3f7-9paf-83ht

vulnerability	VCID-rscq-xx52-2ua8

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3bw-w61k-eqhy

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-tmwc-f872-mufw

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-uptz-tj66-7yfk

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wavt-rrws-3yhs

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

vulnerability	VCID-y2vh-7r7h-9ugu

vulnerability	VCID-ym1r-ackg-4kc3

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0

url pkg:composer/moodle/moodle@2.8.12

purl pkg:composer/moodle/moodle@2.8.12

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vb67-yux5-ayhf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12

url pkg:composer/moodle/moodle@2.9.0

purl pkg:composer/moodle/moodle@2.9.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-1z6j-fs6f-eua1

vulnerability	VCID-37j1-ym2f-1fbc

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-421n-34cp-cka8

vulnerability	VCID-4cx7-eaax-8uhr

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-a34q-gbqw-1bbr

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-b9ej-hx7z-1bb8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-emu7-jhv2-zqb8

vulnerability	VCID-evke-m8nn-6ua3

vulnerability	VCID-fpuj-f6nx-n7a9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-jc19-ee46-4uh3

vulnerability	VCID-jcnw-cwmz-w7cz

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-m6zk-p84r-vbh5

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-t214-wxz7-a3df

vulnerability	VCID-trvp-xzf5-pff8

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-v6ha-ekxw-7bfr

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-wg45-hemm-97am

vulnerability	VCID-x2qp-yggf-z7h7

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-xy2y-yxfu-xfgm

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0

url pkg:composer/moodle/moodle@2.9.7

purl pkg:composer/moodle/moodle@2.9.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vb67-yux5-ayhf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7

url pkg:composer/moodle/moodle@3.0.0

purl pkg:composer/moodle/moodle@3.0.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-37pj-u3gh-n7fd

vulnerability	VCID-3kq3-v2u1-fyhz

vulnerability	VCID-4kq5-ctsv-eka8

vulnerability	VCID-5hx1-9xbg-g3fn

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-7rut-8dau-e3cp

vulnerability	VCID-8cc1-hbzm-87bx

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-an53-nu91-k3d7

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-dnya-ef8u-6bg1

vulnerability	VCID-eaqp-7abt-6kg9

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-k6pw-51st-b3d2

vulnerability	VCID-kgvw-uxf4-wbc1

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-ryws-mr9v-7yfp

vulnerability	VCID-s3ue-e5h8-f3dy

vulnerability	VCID-sa6m-ecv7-x3ew

vulnerability	VCID-ujja-hfkh-wkez

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-xmm4-zw49-3feh

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.0

url pkg:composer/moodle/moodle@3.0.5

purl pkg:composer/moodle/moodle@3.0.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vb67-yux5-ayhf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5

url pkg:composer/moodle/moodle@3.1.0

purl pkg:composer/moodle/moodle@3.1.0

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-336n-hpzg-euhd

vulnerability	VCID-4rz2-b4e3-87g5

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-83kb-4mk9-t7ge

vulnerability	VCID-8mgr-gdzj-4ybs

vulnerability	VCID-9nd7-4wve-97hc

vulnerability	VCID-9t4u-n1pn-w3bd

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-bjnq-q2nd-1khp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-deur-8zdf-2kh2

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-e2zc-7ujn-wybu

vulnerability	VCID-edf3-ktcc-gydc

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-fsex-f512-pudv

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-k73h-z6j8-gkgz

vulnerability	VCID-m4zv-e3dn-budf

vulnerability	VCID-p2gd-7uam-mqf8

vulnerability	VCID-q2fa-jymp-c3bb

vulnerability	VCID-qtt4-455b-abb6

vulnerability	VCID-qxsq-ku22-r7gx

vulnerability	VCID-v54t-5thx-1beu

vulnerability	VCID-vb67-yux5-ayhf

vulnerability	VCID-vfp6-4h8n-bkax

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-x927-nh46-7fdy

vulnerability	VCID-yp82-zj5g-pbaf

vulnerability	VCID-zgzm-wj81-jkah

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.0

url pkg:composer/moodle/moodle@3.1.1

purl pkg:composer/moodle/moodle@3.1.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-vb67-yux5-ayhf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1

References

reference_url	https://moodle.org/mod/forum/discuss.php?d=339631
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=339631

reference_url	http://www.securityfocus.com/bid/93174
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/93174

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-7038
reference_id	CVE-2016-7038
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-7038

Weaknesses

cwe_id	1035
name	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.

cwe_id	640
name	Weak Password Recovery Mechanism for Forgotten Password
description	The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

cwe_id	937
name	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description	Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.

Exploits

Severity_range_score null

Exploitability null

Weighted_severity null

Risk_score null

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf

Vulnerability Instance