Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-a4uv-j23y-8bg1
Summary
Moodle does not properly restrict comment capabilities
comment/lib.php in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 does not properly restrict comment capabilities, which allows remote attackers to post a comment by leveraging the guest role and operating on a front-page activity.
Aliases
0
alias CVE-2011-4297
1
alias GHSA-62wv-866c-rh86
Fixed_packages
Affected_packages
0
url pkg:composer/moodle/moodle@2.0.0
purl pkg:composer/moodle/moodle@2.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-41jn-p8ef-pqbg
1
vulnerability VCID-41up-e414-hyba
2
vulnerability VCID-47h1-1tt9-4fat
3
vulnerability VCID-4cdk-8y5v-nba1
4
vulnerability VCID-4hs4-xkzr-ybbf
5
vulnerability VCID-6dwh-baur-9ydg
6
vulnerability VCID-7pf8-gx8a-fbg1
7
vulnerability VCID-7tky-51ah-17bs
8
vulnerability VCID-9ca4-gyeh-qkhc
9
vulnerability VCID-9e5m-wfwn-j7a3
10
vulnerability VCID-9nee-rvyv-qfba
11
vulnerability VCID-a4uv-j23y-8bg1
12
vulnerability VCID-atb4-adjz-1uef
13
vulnerability VCID-dt8h-ktfk-2qec
14
vulnerability VCID-e2hb-w8g1-xbax
15
vulnerability VCID-ek29-cpbw-77fh
16
vulnerability VCID-ev8f-4uzk-b3an
17
vulnerability VCID-fq4z-5wh4-b3b5
18
vulnerability VCID-fwn7-hez1-ayhj
19
vulnerability VCID-jbvt-9yy2-afb4
20
vulnerability VCID-q6wx-c4w3-skh8
21
vulnerability VCID-qpm1-4xwk-sfb2
22
vulnerability VCID-r7wm-grca-3fgw
23
vulnerability VCID-scrd-yyjh-gbhw
24
vulnerability VCID-ubt2-hvzj-1kbh
25
vulnerability VCID-vgxb-fkuj-9fgk
26
vulnerability VCID-yyug-rt71-yfds
27
vulnerability VCID-zhfc-drsr-27ae
28
vulnerability VCID-zvsh-te3w-qyec
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.0
1
url pkg:composer/moodle/moodle@2.1.0
purl pkg:composer/moodle/moodle@2.1.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
1
vulnerability VCID-29gm-tfg6-xkey
2
vulnerability VCID-3tq1-jwd5-xqcr
3
vulnerability VCID-4cdk-8y5v-nba1
4
vulnerability VCID-6dwh-baur-9ydg
5
vulnerability VCID-9nee-rvyv-qfba
6
vulnerability VCID-a4uv-j23y-8bg1
7
vulnerability VCID-atb4-adjz-1uef
8
vulnerability VCID-c9kg-rsj3-b3bw
9
vulnerability VCID-dt8h-ktfk-2qec
10
vulnerability VCID-e2hb-w8g1-xbax
11
vulnerability VCID-et8t-f1u1-kudb
12
vulnerability VCID-jbvt-9yy2-afb4
13
vulnerability VCID-mh2f-ytz5-9fhg
14
vulnerability VCID-q6wx-c4w3-skh8
15
vulnerability VCID-qpm1-4xwk-sfb2
16
vulnerability VCID-ubt2-hvzj-1kbh
17
vulnerability VCID-yyug-rt71-yfds
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.0
References
0
reference_url http://git.moodle.org
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org
1
reference_url http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9da3c2efadcc5f56cb8adc19c67ed16be35780f3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git%3Ba=commit%3Bh=9da3c2efadcc5f56cb8adc19c67ed16be35780f3
2
reference_url http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://git.moodle.org/gw?p=moodle.git;a=commit;h=9da3c2efadcc5f56cb8adc19c67ed16be35780f3
3
reference_url http://moodle.org/mod/forum/discuss.php?d=182740
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://moodle.org/mod/forum/discuss.php?d=182740
4
reference_url http://openwall.com/lists/oss-security/2011/11/14/1
reference_id
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url http://openwall.com/lists/oss-security/2011/11/14/1
5
reference_url https://api.first.org/data/v1/epss?cve=CVE-2011-4297
reference_id
reference_type
scores
0
value 0.00519
scoring_system epss
scoring_elements 0.67184
published_at 2026-06-05T12:55:00Z
1
value 0.00519
scoring_system epss
scoring_elements 0.67144
published_at 2026-06-04T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2011-4297
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2011-4297
reference_id CVE-2011-4297
reference_type
scores
0
value 6.6
scoring_system cvssv4
scoring_elements CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U
1
value MODERATE
scoring_system generic_textual
scoring_elements
url https://nvd.nist.gov/vuln/detail/CVE-2011-4297
7
reference_url https://github.com/advisories/GHSA-62wv-866c-rh86
reference_id GHSA-62wv-866c-rh86
reference_type
scores
0
value MODERATE
scoring_system cvssv3.1_qr
scoring_elements
url https://github.com/advisories/GHSA-62wv-866c-rh86
Weaknesses
0
cwe_id 863
name Incorrect Authorization
description The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.
1
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
2
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
Exploits
Severity_range_score4.0 - 6.9
Exploitability0.5
Weighted_severity6.2
Risk_score3.1
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-a4uv-j23y-8bg1