Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5nfq-4syg-87da
Summary
Cross-Site Request Forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
Aliases
0
alias CVE-2015-0218
1
alias GHSA-5jph-mvfm-r27p
Fixed_packages
0
url pkg:composer/moodle/moodle@2.6.7
purl pkg:composer/moodle/moodle@2.6.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7
1
url pkg:composer/moodle/moodle@2.7.4
purl pkg:composer/moodle/moodle@2.7.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4
2
url pkg:composer/moodle/moodle@2.8.2
purl pkg:composer/moodle/moodle@2.8.2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2
Affected_packages
0
url pkg:composer/moodle/moodle@2.7.0
purl pkg:composer/moodle/moodle@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ehh-qz6c-ykhp
1
vulnerability VCID-1rar-m2g3-27ag
2
vulnerability VCID-1z6j-fs6f-eua1
3
vulnerability VCID-29yj-e9bd-queq
4
vulnerability VCID-2dxb-v1af-jbax
5
vulnerability VCID-2y3m-yuaj-vkf2
6
vulnerability VCID-37j1-ym2f-1fbc
7
vulnerability VCID-37pj-u3gh-n7fd
8
vulnerability VCID-3xwm-hqap-8bct
9
vulnerability VCID-46jw-xjbu-b3f1
10
vulnerability VCID-4cx7-eaax-8uhr
11
vulnerability VCID-4kq5-ctsv-eka8
12
vulnerability VCID-5c29-qn3p-3yde
13
vulnerability VCID-5nfq-4syg-87da
14
vulnerability VCID-5rbf-4dz3-2qdz
15
vulnerability VCID-5vx4-qtb2-fqe9
16
vulnerability VCID-62yh-cpfr-9bb1
17
vulnerability VCID-8cc1-hbzm-87bx
18
vulnerability VCID-8q4n-d565-kfbn
19
vulnerability VCID-95mq-m2jz-a3ab
20
vulnerability VCID-9z66-z9af-17f7
21
vulnerability VCID-a3pu-x51u-1udr
22
vulnerability VCID-an53-nu91-k3d7
23
vulnerability VCID-aqc8-tmeg-9fdd
24
vulnerability VCID-b9ej-hx7z-1bb8
25
vulnerability VCID-bfmx-cwap-8yhp
26
vulnerability VCID-czph-uxwr-5uge
27
vulnerability VCID-d3yp-gq4c-vyf8
28
vulnerability VCID-dhku-uah4-ykh8
29
vulnerability VCID-ea5s-xphb-6ub7
30
vulnerability VCID-eaqp-7abt-6kg9
31
vulnerability VCID-emu7-jhv2-zqb8
32
vulnerability VCID-evke-m8nn-6ua3
33
vulnerability VCID-fumj-9pun-zfc5
34
vulnerability VCID-g4hn-yz26-1beb
35
vulnerability VCID-gvan-87dt-b7fp
36
vulnerability VCID-h8xn-n98n-qqdv
37
vulnerability VCID-hbky-xx53-vkct
38
vulnerability VCID-hck4-emsr-q7dc
39
vulnerability VCID-j11s-2mhg-pfdn
40
vulnerability VCID-k6pw-51st-b3d2
41
vulnerability VCID-kgvw-uxf4-wbc1
42
vulnerability VCID-krn6-pwk5-ake2
43
vulnerability VCID-kzwd-2e6n-fkbm
44
vulnerability VCID-n9uc-b76m-8fbs
45
vulnerability VCID-nfdb-m7rg-47ca
46
vulnerability VCID-qxyw-7hnt-hqd6
47
vulnerability VCID-r3f7-9paf-83ht
48
vulnerability VCID-r88h-mteg-yka9
49
vulnerability VCID-rdfn-52p2-afa7
50
vulnerability VCID-rscq-xx52-2ua8
51
vulnerability VCID-s3bw-w61k-eqhy
52
vulnerability VCID-s3ue-e5h8-f3dy
53
vulnerability VCID-s5cy-eva4-wbaf
54
vulnerability VCID-tmwc-f872-mufw
55
vulnerability VCID-ucg8-htfc-2bhn
56
vulnerability VCID-uptz-tj66-7yfk
57
vulnerability VCID-uvgt-7m5a-xkdc
58
vulnerability VCID-v4qm-48kk-pfaz
59
vulnerability VCID-v54t-5thx-1beu
60
vulnerability VCID-v6ha-ekxw-7bfr
61
vulnerability VCID-v7zm-cw8w-6yf8
62
vulnerability VCID-vda3-4fgr-gfbw
63
vulnerability VCID-vs2j-b4qg-nbgu
64
vulnerability VCID-vtq4-fpr8-hudb
65
vulnerability VCID-wavt-rrws-3yhs
66
vulnerability VCID-wawr-t9dc-33fj
67
vulnerability VCID-xmm4-zw49-3feh
68
vulnerability VCID-xnmk-jah2-ufce
69
vulnerability VCID-xy2y-yxfu-xfgm
70
vulnerability VCID-y2vh-7r7h-9ugu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0
1
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964
1
reference_url http://openwall.com/lists/oss-security/2015/01/19/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2015/01/19/1
2
reference_url https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654
3
reference_url https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9
4
reference_url https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612
5
reference_url https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2
6
reference_url https://moodle.org/mod/forum/discuss.php?d=278618
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=278618
7
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-0218
reference_id CVE-2015-0218
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-0218
8
reference_url https://github.com/advisories/GHSA-5jph-mvfm-r27p
reference_id GHSA-5jph-mvfm-r27p
reference_type
scores
url https://github.com/advisories/GHSA-5jph-mvfm-r27p
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5nfq-4syg-87da