Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-x2qp-yggf-z7h7
Summary
Exposure of Sensitive Information to an Unauthorized Actor
Cross-site request forgery (CSRF) vulnerability in admin/registration/register.php in Moodle through 2.6.11, 2.7.x before 2.7.11, 2.8.x before 2.8.9, and 2.9.x before 2.9.3 allows remote attackers to hijack the authentication of administrators for requests that send statistics to an arbitrary hub URL.
Aliases
0
alias CVE-2015-5335
1
alias GHSA-hpmv-wvq3-gj27
Fixed_packages
0
url pkg:composer/moodle/moodle@2.7.11
purl pkg:composer/moodle/moodle@2.7.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-xmm4-zw49-3feh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.11
1
url pkg:composer/moodle/moodle@2.8.9
purl pkg:composer/moodle/moodle@2.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kq3-v2u1-fyhz
1
vulnerability VCID-xmm4-zw49-3feh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.9
2
url pkg:composer/moodle/moodle@2.9.3
purl pkg:composer/moodle/moodle@2.9.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-3kq3-v2u1-fyhz
1
vulnerability VCID-xmm4-zw49-3feh
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.3
Affected_packages
0
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
1
url pkg:composer/moodle/moodle@2.9.0
purl pkg:composer/moodle/moodle@2.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-37j1-ym2f-1fbc
2
vulnerability VCID-37pj-u3gh-n7fd
3
vulnerability VCID-3kq3-v2u1-fyhz
4
vulnerability VCID-421n-34cp-cka8
5
vulnerability VCID-4cx7-eaax-8uhr
6
vulnerability VCID-4kq5-ctsv-eka8
7
vulnerability VCID-5hx1-9xbg-g3fn
8
vulnerability VCID-65y9-9ur2-pugc
9
vulnerability VCID-7rut-8dau-e3cp
10
vulnerability VCID-8cc1-hbzm-87bx
11
vulnerability VCID-a34q-gbqw-1bbr
12
vulnerability VCID-an53-nu91-k3d7
13
vulnerability VCID-b9ej-hx7z-1bb8
14
vulnerability VCID-dnya-ef8u-6bg1
15
vulnerability VCID-eaqp-7abt-6kg9
16
vulnerability VCID-emu7-jhv2-zqb8
17
vulnerability VCID-evke-m8nn-6ua3
18
vulnerability VCID-fpuj-f6nx-n7a9
19
vulnerability VCID-fsex-f512-pudv
20
vulnerability VCID-jc19-ee46-4uh3
21
vulnerability VCID-jcnw-cwmz-w7cz
22
vulnerability VCID-k6pw-51st-b3d2
23
vulnerability VCID-kgvw-uxf4-wbc1
24
vulnerability VCID-m6zk-p84r-vbh5
25
vulnerability VCID-qtt4-455b-abb6
26
vulnerability VCID-ryws-mr9v-7yfp
27
vulnerability VCID-s3ue-e5h8-f3dy
28
vulnerability VCID-sa6m-ecv7-x3ew
29
vulnerability VCID-t214-wxz7-a3df
30
vulnerability VCID-trvp-xzf5-pff8
31
vulnerability VCID-ujja-hfkh-wkez
32
vulnerability VCID-v54t-5thx-1beu
33
vulnerability VCID-v6ha-ekxw-7bfr
34
vulnerability VCID-vb67-yux5-ayhf
35
vulnerability VCID-wg45-hemm-97am
36
vulnerability VCID-x2qp-yggf-z7h7
37
vulnerability VCID-xmm4-zw49-3feh
38
vulnerability VCID-xy2y-yxfu-xfgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51091
1
reference_url https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/4bb9e1ad8af12b01499c68543e80f7c12fd557ea
2
reference_url https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/77e072ebec68ba685551b886b71054d1feae6c94
3
reference_url https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/7bf5c6a542efa113dbb241a113cb6079f0572443
4
reference_url https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a1168a7427f8fa1926a771fe8e6d10aeb6689686
5
reference_url https://moodle.org/mod/forum/discuss.php?d=323230
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=323230
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-5335
reference_id CVE-2015-5335
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-5335
7
reference_url https://github.com/advisories/GHSA-hpmv-wvq3-gj27
reference_id GHSA-hpmv-wvq3-gj27
reference_type
scores
url https://github.com/advisories/GHSA-hpmv-wvq3-gj27
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 352
name Cross-Site Request Forgery (CSRF)
description The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.
3
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-x2qp-yggf-z7h7