Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-5hx1-9xbg-g3fn
Summary
Exposure of Sensitive Information to an Unauthorized Actor
calendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.
Aliases
0
alias CVE-2016-2156
1
alias GHSA-h8vc-v44p-5r2q
Fixed_packages
0
url pkg:composer/moodle/moodle@2.7.13
purl pkg:composer/moodle/moodle@2.7.13
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13
1
url pkg:composer/moodle/moodle@2.8.11
purl pkg:composer/moodle/moodle@2.8.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11
2
url pkg:composer/moodle/moodle@2.9.5
purl pkg:composer/moodle/moodle@2.9.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5
3
url pkg:composer/moodle/moodle@3.0.3
purl pkg:composer/moodle/moodle@3.0.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4kq5-ctsv-eka8
1
vulnerability VCID-8cc1-hbzm-87bx
2
vulnerability VCID-kgvw-uxf4-wbc1
3
vulnerability VCID-s3ue-e5h8-f3dy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3
Affected_packages
0
url pkg:composer/moodle/moodle@2.8.0
purl pkg:composer/moodle/moodle@2.8.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-2y3m-yuaj-vkf2
2
vulnerability VCID-37j1-ym2f-1fbc
3
vulnerability VCID-37pj-u3gh-n7fd
4
vulnerability VCID-3kq3-v2u1-fyhz
5
vulnerability VCID-46jw-xjbu-b3f1
6
vulnerability VCID-4cx7-eaax-8uhr
7
vulnerability VCID-4kq5-ctsv-eka8
8
vulnerability VCID-5hx1-9xbg-g3fn
9
vulnerability VCID-5nfq-4syg-87da
10
vulnerability VCID-5vx4-qtb2-fqe9
11
vulnerability VCID-62yh-cpfr-9bb1
12
vulnerability VCID-65y9-9ur2-pugc
13
vulnerability VCID-7rut-8dau-e3cp
14
vulnerability VCID-8cc1-hbzm-87bx
15
vulnerability VCID-95mq-m2jz-a3ab
16
vulnerability VCID-9z66-z9af-17f7
17
vulnerability VCID-a34q-gbqw-1bbr
18
vulnerability VCID-a3pu-x51u-1udr
19
vulnerability VCID-an53-nu91-k3d7
20
vulnerability VCID-aqc8-tmeg-9fdd
21
vulnerability VCID-b9ej-hx7z-1bb8
22
vulnerability VCID-d3yp-gq4c-vyf8
23
vulnerability VCID-dnya-ef8u-6bg1
24
vulnerability VCID-eaqp-7abt-6kg9
25
vulnerability VCID-emu7-jhv2-zqb8
26
vulnerability VCID-evke-m8nn-6ua3
27
vulnerability VCID-fpuj-f6nx-n7a9
28
vulnerability VCID-fsex-f512-pudv
29
vulnerability VCID-g4hn-yz26-1beb
30
vulnerability VCID-gvan-87dt-b7fp
31
vulnerability VCID-hbky-xx53-vkct
32
vulnerability VCID-j11s-2mhg-pfdn
33
vulnerability VCID-jc19-ee46-4uh3
34
vulnerability VCID-jcnw-cwmz-w7cz
35
vulnerability VCID-k6pw-51st-b3d2
36
vulnerability VCID-kgvw-uxf4-wbc1
37
vulnerability VCID-m6zk-p84r-vbh5
38
vulnerability VCID-n9uc-b76m-8fbs
39
vulnerability VCID-nfdb-m7rg-47ca
40
vulnerability VCID-qtt4-455b-abb6
41
vulnerability VCID-r3f7-9paf-83ht
42
vulnerability VCID-rscq-xx52-2ua8
43
vulnerability VCID-ryws-mr9v-7yfp
44
vulnerability VCID-s3bw-w61k-eqhy
45
vulnerability VCID-s3ue-e5h8-f3dy
46
vulnerability VCID-sa6m-ecv7-x3ew
47
vulnerability VCID-t214-wxz7-a3df
48
vulnerability VCID-tmwc-f872-mufw
49
vulnerability VCID-trvp-xzf5-pff8
50
vulnerability VCID-ujja-hfkh-wkez
51
vulnerability VCID-uptz-tj66-7yfk
52
vulnerability VCID-v54t-5thx-1beu
53
vulnerability VCID-v6ha-ekxw-7bfr
54
vulnerability VCID-vb67-yux5-ayhf
55
vulnerability VCID-wavt-rrws-3yhs
56
vulnerability VCID-wg45-hemm-97am
57
vulnerability VCID-x2qp-yggf-z7h7
58
vulnerability VCID-xmm4-zw49-3feh
59
vulnerability VCID-xy2y-yxfu-xfgm
60
vulnerability VCID-y2vh-7r7h-9ugu
61
vulnerability VCID-ym1r-ackg-4kc3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.0
1
url pkg:composer/moodle/moodle@2.9.0
purl pkg:composer/moodle/moodle@2.9.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1z6j-fs6f-eua1
1
vulnerability VCID-37j1-ym2f-1fbc
2
vulnerability VCID-37pj-u3gh-n7fd
3
vulnerability VCID-3kq3-v2u1-fyhz
4
vulnerability VCID-421n-34cp-cka8
5
vulnerability VCID-4cx7-eaax-8uhr
6
vulnerability VCID-4kq5-ctsv-eka8
7
vulnerability VCID-5hx1-9xbg-g3fn
8
vulnerability VCID-65y9-9ur2-pugc
9
vulnerability VCID-7rut-8dau-e3cp
10
vulnerability VCID-8cc1-hbzm-87bx
11
vulnerability VCID-a34q-gbqw-1bbr
12
vulnerability VCID-an53-nu91-k3d7
13
vulnerability VCID-b9ej-hx7z-1bb8
14
vulnerability VCID-dnya-ef8u-6bg1
15
vulnerability VCID-eaqp-7abt-6kg9
16
vulnerability VCID-emu7-jhv2-zqb8
17
vulnerability VCID-evke-m8nn-6ua3
18
vulnerability VCID-fpuj-f6nx-n7a9
19
vulnerability VCID-fsex-f512-pudv
20
vulnerability VCID-jc19-ee46-4uh3
21
vulnerability VCID-jcnw-cwmz-w7cz
22
vulnerability VCID-k6pw-51st-b3d2
23
vulnerability VCID-kgvw-uxf4-wbc1
24
vulnerability VCID-m6zk-p84r-vbh5
25
vulnerability VCID-qtt4-455b-abb6
26
vulnerability VCID-ryws-mr9v-7yfp
27
vulnerability VCID-s3ue-e5h8-f3dy
28
vulnerability VCID-sa6m-ecv7-x3ew
29
vulnerability VCID-t214-wxz7-a3df
30
vulnerability VCID-trvp-xzf5-pff8
31
vulnerability VCID-ujja-hfkh-wkez
32
vulnerability VCID-v54t-5thx-1beu
33
vulnerability VCID-v6ha-ekxw-7bfr
34
vulnerability VCID-vb67-yux5-ayhf
35
vulnerability VCID-wg45-hemm-97am
36
vulnerability VCID-x2qp-yggf-z7h7
37
vulnerability VCID-xmm4-zw49-3feh
38
vulnerability VCID-xy2y-yxfu-xfgm
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.0
2
url pkg:composer/moodle/moodle@3.0.0
purl pkg:composer/moodle/moodle@3.0.0
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-37pj-u3gh-n7fd
2
vulnerability VCID-3kq3-v2u1-fyhz
3
vulnerability VCID-4kq5-ctsv-eka8
4
vulnerability VCID-5hx1-9xbg-g3fn
5
vulnerability VCID-5rbf-4dz3-2qdz
6
vulnerability VCID-65y9-9ur2-pugc
7
vulnerability VCID-7rut-8dau-e3cp
8
vulnerability VCID-8cc1-hbzm-87bx
9
vulnerability VCID-9nd7-4wve-97hc
10
vulnerability VCID-an53-nu91-k3d7
11
vulnerability VCID-dhku-uah4-ykh8
12
vulnerability VCID-dnya-ef8u-6bg1
13
vulnerability VCID-eaqp-7abt-6kg9
14
vulnerability VCID-fsex-f512-pudv
15
vulnerability VCID-k6pw-51st-b3d2
16
vulnerability VCID-kgvw-uxf4-wbc1
17
vulnerability VCID-qtt4-455b-abb6
18
vulnerability VCID-ryws-mr9v-7yfp
19
vulnerability VCID-s3ue-e5h8-f3dy
20
vulnerability VCID-sa6m-ecv7-x3ew
21
vulnerability VCID-ujja-hfkh-wkez
22
vulnerability VCID-v54t-5thx-1beu
23
vulnerability VCID-vb67-yux5-ayhf
24
vulnerability VCID-vtq4-fpr8-hudb
25
vulnerability VCID-xmm4-zw49-3feh
26
vulnerability VCID-zgzm-wj81-jkah
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.0
References
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808
1
reference_url https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd
2
reference_url https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94
3
reference_url https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf
4
reference_url https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3
5
reference_url https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158
6
reference_url https://moodle.org/mod/forum/discuss.php?d=330178
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=330178
7
reference_url https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
reference_id
reference_type
scores
url https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333
8
reference_url http://www.openwall.com/lists/oss-security/2016/03/21/1
reference_id
reference_type
scores
url http://www.openwall.com/lists/oss-security/2016/03/21/1
9
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-2156
reference_id CVE-2016-2156
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-2156
10
reference_url https://github.com/advisories/GHSA-h8vc-v44p-5r2q
reference_id GHSA-h8vc-v44p-5r2q
reference_type
scores
url https://github.com/advisories/GHSA-h8vc-v44p-5r2q
Weaknesses
0
cwe_id 1035
name OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017.
1
cwe_id 200
name Exposure of Sensitive Information to an Unauthorized Actor
description The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
2
cwe_id 937
name OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
description Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013.
Exploits
Severity_range_scorenull
Exploitabilitynull
Weighted_severitynull
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-5hx1-9xbg-g3fn