Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-n9uc-b76m-8fbs
Summary
Moodle allows attackers to bypass file-management restrictions
files/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.
Aliases
0
alias CVE-2015-3181
1
alias GHSA-622h-cjgg-5mx6
Fixed_packages
0
url pkg:composer/moodle/moodle@2.6.11
purl pkg:composer/moodle/moodle@2.6.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-37pj-u3gh-n7fd
1
vulnerability VCID-4cx7-eaax-8uhr
2
vulnerability VCID-an53-nu91-k3d7
3
vulnerability VCID-b9ej-hx7z-1bb8
4
vulnerability VCID-eaqp-7abt-6kg9
5
vulnerability VCID-k6pw-51st-b3d2
6
vulnerability VCID-xmm4-zw49-3feh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11
1
url pkg:composer/moodle/moodle@2.7.8
purl pkg:composer/moodle/moodle@2.7.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8
2
url pkg:composer/moodle/moodle@2.8.6
purl pkg:composer/moodle/moodle@2.8.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6
Affected_packages
0
url pkg:composer/moodle/moodle@2.7.0
purl pkg:composer/moodle/moodle@2.7.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1ehh-qz6c-ykhp
1
vulnerability VCID-1rar-m2g3-27ag
2
vulnerability VCID-1z6j-fs6f-eua1
3
vulnerability VCID-29yj-e9bd-queq
4
vulnerability VCID-2dxb-v1af-jbax
5
vulnerability VCID-2y3m-yuaj-vkf2
6
vulnerability VCID-37j1-ym2f-1fbc
7
vulnerability VCID-37pj-u3gh-n7fd
8
vulnerability VCID-3xwm-hqap-8bct
9
vulnerability VCID-46jw-xjbu-b3f1
10
vulnerability VCID-4cx7-eaax-8uhr
11
vulnerability VCID-4kq5-ctsv-eka8
12
vulnerability VCID-5c29-qn3p-3yde
13
vulnerability VCID-5nfq-4syg-87da
14
vulnerability VCID-5rbf-4dz3-2qdz
15
vulnerability VCID-5vx4-qtb2-fqe9
16
vulnerability VCID-62yh-cpfr-9bb1
17
vulnerability VCID-8cc1-hbzm-87bx
18
vulnerability VCID-8q4n-d565-kfbn
19
vulnerability VCID-95mq-m2jz-a3ab
20
vulnerability VCID-9z66-z9af-17f7
21
vulnerability VCID-a3pu-x51u-1udr
22
vulnerability VCID-an53-nu91-k3d7
23
vulnerability VCID-aqc8-tmeg-9fdd
24
vulnerability VCID-b9ej-hx7z-1bb8
25
vulnerability VCID-bfmx-cwap-8yhp
26
vulnerability VCID-czph-uxwr-5uge
27
vulnerability VCID-d3yp-gq4c-vyf8
28
vulnerability VCID-dhku-uah4-ykh8
29
vulnerability VCID-ea5s-xphb-6ub7
30
vulnerability VCID-eaqp-7abt-6kg9
31
vulnerability VCID-emu7-jhv2-zqb8
32
vulnerability VCID-evke-m8nn-6ua3
33
vulnerability VCID-fumj-9pun-zfc5
34
vulnerability VCID-g4hn-yz26-1beb
35
vulnerability VCID-gvan-87dt-b7fp
36
vulnerability VCID-h8xn-n98n-qqdv
37
vulnerability VCID-hbky-xx53-vkct
38
vulnerability VCID-hck4-emsr-q7dc
39
vulnerability VCID-j11s-2mhg-pfdn
40
vulnerability VCID-k6pw-51st-b3d2
41
vulnerability VCID-kgvw-uxf4-wbc1
42
vulnerability VCID-krn6-pwk5-ake2
43
vulnerability VCID-kzwd-2e6n-fkbm
44
vulnerability VCID-n9uc-b76m-8fbs
45
vulnerability VCID-nfdb-m7rg-47ca
46
vulnerability VCID-qxyw-7hnt-hqd6
47
vulnerability VCID-r3f7-9paf-83ht
48
vulnerability VCID-r88h-mteg-yka9
49
vulnerability VCID-rdfn-52p2-afa7
50
vulnerability VCID-rscq-xx52-2ua8
51
vulnerability VCID-s3bw-w61k-eqhy
52
vulnerability VCID-s3ue-e5h8-f3dy
53
vulnerability VCID-s5cy-eva4-wbaf
54
vulnerability VCID-tmwc-f872-mufw
55
vulnerability VCID-ucg8-htfc-2bhn
56
vulnerability VCID-uptz-tj66-7yfk
57
vulnerability VCID-uvgt-7m5a-xkdc
58
vulnerability VCID-v4qm-48kk-pfaz
59
vulnerability VCID-v54t-5thx-1beu
60
vulnerability VCID-v6ha-ekxw-7bfr
61
vulnerability VCID-v7zm-cw8w-6yf8
62
vulnerability VCID-vda3-4fgr-gfbw
63
vulnerability VCID-vs2j-b4qg-nbgu
64
vulnerability VCID-vtq4-fpr8-hudb
65
vulnerability VCID-wavt-rrws-3yhs
66
vulnerability VCID-wawr-t9dc-33fj
67
vulnerability VCID-xmm4-zw49-3feh
68
vulnerability VCID-xnmk-jah2-ufce
69
vulnerability VCID-xy2y-yxfu-xfgm
70
vulnerability VCID-y2vh-7r7h-9ugu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.0
1
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994
1
reference_url http://openwall.com/lists/oss-security/2015/05/18/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2015/05/18/1
2
reference_url https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171
3
reference_url https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0
4
reference_url https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f
5
reference_url https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438
6
reference_url https://moodle.org/mod/forum/discuss.php?d=313688
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=313688
7
reference_url https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728
reference_id
reference_type
scores
url https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728
8
reference_url https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358
reference_id
reference_type
scores
url https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3181
reference_id CVE-2015-3181
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-3181
10
reference_url https://github.com/advisories/GHSA-622h-cjgg-5mx6
reference_id GHSA-622h-cjgg-5mx6
reference_type
scores
url https://github.com/advisories/GHSA-622h-cjgg-5mx6
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 264
name Permissions, Privileges, and Access Controls
description Weaknesses in this category are related to the management of permissions, privileges, and other security features that are used to perform access control.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-n9uc-b76m-8fbs