VulnerableCode.io REST API

Lookup for vulnerable packages by Package URL.

GET /api/packages/52558?format=api

HTTP 200 OK
Allow: GET, HEAD, OPTIONS
Content-Type: application/json
Vary: Accept

{
    "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api",
    "purl": "pkg:composer/moodle/moodle@3.0.2",
    "type": "composer",
    "namespace": "moodle",
    "name": "moodle",
    "version": "3.0.2",
    "qualifiers": {},
    "subpath": "",
    "is_vulnerable": true,
    "next_non_vulnerable_version": "3.0.9",
    "latest_non_vulnerable_version": "3.11.6",
    "affected_by_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38122?format=api",
            "vulnerability_id": "VCID-37pj-u3gh-n7fd",
            "summary": "Insertion of Sensitive Information into Log File\nMoodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330181",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=330181"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2190",
                    "reference_id": "CVE-2016-2190",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2190"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.0.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4kq5-ctsv-eka8"
                        },
                        {
                            "vulnerability": "VCID-8cc1-hbzm-87bx"
                        },
                        {
                            "vulnerability": "VCID-kgvw-uxf4-wbc1"
                        },
                        {
                            "vulnerability": "VCID-s3ue-e5h8-f3dy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"
                }
            ],
            "aliases": [
                "CVE-2016-2190"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38123?format=api",
            "vulnerability_id": "VCID-an53-nu91-k3d7",
            "summary": "Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330174",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=330174"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2152",
                    "reference_id": "CVE-2016-2152",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2152"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.0.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4kq5-ctsv-eka8"
                        },
                        {
                            "vulnerability": "VCID-8cc1-hbzm-87bx"
                        },
                        {
                            "vulnerability": "VCID-kgvw-uxf4-wbc1"
                        },
                        {
                            "vulnerability": "VCID-s3ue-e5h8-f3dy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"
                }
            ],
            "aliases": [
                "CVE-2016-2152"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38125?format=api",
            "vulnerability_id": "VCID-eaqp-7abt-6kg9",
            "summary": "Improper Access Control\nThe `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330182",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=330182"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2159",
                    "reference_id": "CVE-2016-2159",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2159"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.0.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4kq5-ctsv-eka8"
                        },
                        {
                            "vulnerability": "VCID-8cc1-hbzm-87bx"
                        },
                        {
                            "vulnerability": "VCID-kgvw-uxf4-wbc1"
                        },
                        {
                            "vulnerability": "VCID-s3ue-e5h8-f3dy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"
                }
            ],
            "aliases": [
                "CVE-2016-2159"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38124?format=api",
            "vulnerability_id": "VCID-k6pw-51st-b3d2",
            "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=330175",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=330175"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2153",
                    "reference_id": "CVE-2016-2153",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-2153"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52705?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.0.3",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-4kq5-ctsv-eka8"
                        },
                        {
                            "vulnerability": "VCID-8cc1-hbzm-87bx"
                        },
                        {
                            "vulnerability": "VCID-kgvw-uxf4-wbc1"
                        },
                        {
                            "vulnerability": "VCID-s3ue-e5h8-f3dy"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"
                }
            ],
            "aliases": [
                "CVE-2016-2153"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2"
        }
    ],
    "fixing_vulnerabilities": [
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38035?format=api",
            "vulnerability_id": "VCID-3kq3-v2u1-fyhz",
            "summary": "Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `search_pagination` function in `course/classes/management_renderer.php` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted search string.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=326206",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=326206"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0725",
                    "reference_id": "CVE-2016-0725",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0725"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52556?format=api",
                    "purl": "pkg:composer/moodle/moodle@2.8.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52557?format=api",
                    "purl": "pkg:composer/moodle/moodle@2.9.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.0.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"
                }
            ],
            "aliases": [
                "CVE-2016-0725"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-3kq3-v2u1-fyhz"
        },
        {
            "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38036?format=api",
            "vulnerability_id": "VCID-xmm4-zw49-3feh",
            "summary": "Information Exposure\nThe (1) `core_enrol_get_course_enrolment_methods` and (2) `enrol_self_get_instance_info` web services in Moodle do not consider the `moodle/course:viewhiddencourses` capability, which allows remote authenticated users to obtain sensitive information via a web-service request.",
            "references": [
                {
                    "reference_url": "https://moodle.org/mod/forum/discuss.php?d=326205",
                    "reference_id": "",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://moodle.org/mod/forum/discuss.php?d=326205"
                },
                {
                    "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0724",
                    "reference_id": "CVE-2016-0724",
                    "reference_type": "",
                    "scores": [],
                    "url": "https://nvd.nist.gov/vuln/detail/CVE-2016-0724"
                }
            ],
            "fixed_packages": [
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52562?format=api",
                    "purl": "pkg:composer/moodle/moodle@2.7.12",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.12"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52556?format=api",
                    "purl": "pkg:composer/moodle/moodle@2.8.10",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.10"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52557?format=api",
                    "purl": "pkg:composer/moodle/moodle@2.9.4",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.4"
                },
                {
                    "url": "http://public2.vulnerablecode.io/api/packages/52558?format=api",
                    "purl": "pkg:composer/moodle/moodle@3.0.2",
                    "is_vulnerable": true,
                    "affected_by_vulnerabilities": [
                        {
                            "vulnerability": "VCID-37pj-u3gh-n7fd"
                        },
                        {
                            "vulnerability": "VCID-an53-nu91-k3d7"
                        },
                        {
                            "vulnerability": "VCID-eaqp-7abt-6kg9"
                        },
                        {
                            "vulnerability": "VCID-k6pw-51st-b3d2"
                        }
                    ],
                    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"
                }
            ],
            "aliases": [
                "CVE-2016-0724"
            ],
            "risk_score": null,
            "exploitability": null,
            "weighted_severity": null,
            "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-xmm4-zw49-3feh"
        }
    ],
    "risk_score": null,
    "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.2"
}

Package Instance