Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.1.1
Type composer
Namespace moodle
Name moodle
Version 3.1.1
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.1.5
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-vb67-yux5-ayhf
vulnerability_id VCID-vb67-yux5-ayhf
summary
Weak Password Recovery Mechanism for Forgotten Password
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=339631
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=339631
1
reference_url http://www.securityfocus.com/bid/93174
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93174
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7038
reference_id CVE-2016-7038
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7038
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.2
purl pkg:composer/moodle/moodle@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k1bh-ymgt-e7cd
1
vulnerability VCID-v54t-5thx-1beu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2
aliases CVE-2016-7038
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf
Fixing_vulnerabilities
0
url VCID-edf3-ktcc-gydc
vulnerability_id VCID-edf3-ktcc-gydc
summary
Information Exposure
In Moodle, glossary search displays entries without checking user permissions to view them.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=336697
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336697
1
reference_url http://www.securityfocus.com/bid/92041
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92041
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5012
reference_id CVE-2016-5012
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5012
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5012
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-edf3-ktcc-gydc
1
url VCID-fsex-f512-pudv
vulnerability_id VCID-fsex-f512-pudv
summary
Injection Vulnerability
In Moodle, text injection can occur in email headers, potentially leading to outbound spam.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=336698
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336698
1
reference_url http://www.securityfocus.com/bid/92040
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92040
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5013
reference_id CVE-2016-5013
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5013
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.15
purl pkg:composer/moodle/moodle@2.7.15
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.15
1
url pkg:composer/moodle/moodle@2.9.7
purl pkg:composer/moodle/moodle@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7
2
url pkg:composer/moodle/moodle@3.0.5
purl pkg:composer/moodle/moodle@3.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5
3
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv
2
url VCID-qtt4-455b-abb6
vulnerability_id VCID-qtt4-455b-abb6
summary
Exposure of Sensitive Information to an Unauthorized Actor
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
references
0
reference_url https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
1
reference_url https://moodle.org/mod/forum/discuss.php?d=336699
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336699
2
reference_url https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
reference_id
reference_type
scores
url https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5014
reference_id CVE-2016-5014
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5014
4
reference_url https://github.com/advisories/GHSA-c4cq-v4wp-28hg
reference_id GHSA-c4cq-v4wp-28hg
reference_type
scores
url https://github.com/advisories/GHSA-c4cq-v4wp-28hg
fixed_packages
0
url pkg:composer/moodle/moodle@2.9.7
purl pkg:composer/moodle/moodle@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7
1
url pkg:composer/moodle/moodle@3.0.5
purl pkg:composer/moodle/moodle@3.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5
2
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5014, GHSA-c4cq-v4wp-28hg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1