{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/45471?format=json","vulnerability_id":"VCID-1wzm-dhqv-43bj","summary":"Server-Side Request Forgery (SSRF)\nAn issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.","aliases":[{"alias":"CVE-2023-35133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/65684?format=json","purl":"pkg:composer/moodle/moodle@3.9.22","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.22"},{"url":"http://public2.vulnerablecode.io/api/packages/65685?format=json","purl":"pkg:composer/moodle/moodle@3.11.15","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.15"},{"url":"http://public2.vulnerablecode.io/api/packages/65686?format=json","purl":"pkg:composer/moodle/moodle@4.0.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.9"},{"url":"http://public2.vulnerablecode.io/api/packages/65687?format=json","purl":"pkg:composer/moodle/moodle@4.1.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/65688?format=json","purl":"pkg:composer/moodle/moodle@4.2.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59618?format=json","purl":"pkg:composer/moodle/moodle@3.11.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-164m-humk-1fe3"},{"vulnerability":"VCID-1kfj-2zwf-vbfp"},{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-233t-s5y8-4yg5"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-2trf-n9r4-ykgg"},{"vulnerability":"VCID-2z6d-qf96-kyb4"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3ept-fdps-5fe5"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-5bfe-hk7m-7bh6"},{"vulnerability":"VCID-5q1e-b4e8-jbc8"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-9uem-p6k3-nqdb"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-cbzx-gnhr-pfap"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-dvrf-62nt-2kdp"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-gr4h-n82f-zkg2"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-p3ge-1cqt-tufw"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-taab-hupu-huf9"},{"vulnerability":"VCID-u32t-89zc-v3gj"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-yxag-fghx-47ej"},{"vulnerability":"VCID-zf4q-a4cz-y7dh"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0"},{"url":"http://public2.vulnerablecode.io/api/packages/63984?format=json","purl":"pkg:composer/moodle/moodle@4.0.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-2trf-n9r4-ykgg"},{"vulnerability":"VCID-2z6d-qf96-kyb4"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3ept-fdps-5fe5"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-4svp-grnb-2fh3"},{"vulnerability":"VCID-5bfe-hk7m-7bh6"},{"vulnerability":"VCID-5q1e-b4e8-jbc8"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-cbzx-gnhr-pfap"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-dvrf-62nt-2kdp"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-ngar-aydn-eye4"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-sz1m-v8wf-nqgx"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-yxag-fghx-47ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0"},{"url":"http://public2.vulnerablecode.io/api/packages/63985?format=json","purl":"pkg:composer/moodle/moodle@4.1.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-2z6d-qf96-kyb4"},{"vulnerability":"VCID-33ss-gb34-8ke5"},{"vulnerability":"VCID-3ept-fdps-5fe5"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-4svp-grnb-2fh3"},{"vulnerability":"VCID-5bfe-hk7m-7bh6"},{"vulnerability":"VCID-5q1e-b4e8-jbc8"},{"vulnerability":"VCID-5rk8-v6bb-6ugh"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-b994-r5mw-3fbg"},{"vulnerability":"VCID-cbzx-gnhr-pfap"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-dvrf-62nt-2kdp"},{"vulnerability":"VCID-gepg-y7ud-cuds"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-ngar-aydn-eye4"},{"vulnerability":"VCID-qan2-5dd9-myhg"},{"vulnerability":"VCID-s4j2-ppgk-sfh9"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-sz1m-v8wf-nqgx"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-yxag-fghx-47ej"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0"},{"url":"http://public2.vulnerablecode.io/api/packages/65683?format=json","purl":"pkg:composer/moodle/moodle@4.2.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-1wzm-dhqv-43bj"},{"vulnerability":"VCID-24bp-c9yc-gua4"},{"vulnerability":"VCID-4c9d-jf9g-u3gn"},{"vulnerability":"VCID-4svp-grnb-2fh3"},{"vulnerability":"VCID-6726-ca8y-4uez"},{"vulnerability":"VCID-7rqc-eepq-43ds"},{"vulnerability":"VCID-7x6e-qege-ufdv"},{"vulnerability":"VCID-8d9n-ejbb-7fa1"},{"vulnerability":"VCID-d8gp-tuxy-3qdf"},{"vulnerability":"VCID-gycn-bey2-4yam"},{"vulnerability":"VCID-hsk6-h5ky-g3cx"},{"vulnerability":"VCID-jarn-rtuz-wucq"},{"vulnerability":"VCID-jfsu-ya7r-h3e1"},{"vulnerability":"VCID-mhh7-n7ut-hkh6"},{"vulnerability":"VCID-ngar-aydn-eye4"},{"vulnerability":"VCID-qabh-bpmn-1ye5"},{"vulnerability":"VCID-r1ug-e8x6-83gt"},{"vulnerability":"VCID-s7pu-hgz5-zfbq"},{"vulnerability":"VCID-team-9wba-yufc"},{"vulnerability":"VCID-utsj-g57g-cbeb"},{"vulnerability":"VCID-x1pc-1kuc-kug2"},{"vulnerability":"VCID-yc6t-am1p-x3ev"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0"}],"references":[{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/","reference_id":"","reference_type":"","scores":[],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=447831","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=447831"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35133","reference_id":"CVE-2023-35133","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-35133"}],"weaknesses":[{"cwe_id":1035,"name":"OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017."},{"cwe_id":918,"name":"Server-Side Request Forgery (SSRF)","description":"The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination."},{"cwe_id":937,"name":"OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities","description":"Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013."}],"exploits":[],"severity_range_score":null,"exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1wzm-dhqv-43bj"}