Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.0.6

Type composer

Namespace moodle

Name moodle

Version 3.0.6

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.0.9

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-v54t-5thx-1beu

vulnerability_id VCID-v54t-5thx-1beu

summary

Improper Access Control
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

references

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f

reference_url

https://moodle.org/mod/forum/discuss.php?d=343275

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=343275

reference_url

https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-8642

reference_id

CVE-2016-8642

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

value	MODERATE
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-8642

reference_url	https://github.com/advisories/GHSA-x32v-7qw8-cpq8
reference_id	GHSA-x32v-7qw8-cpq8
reference_type
scores
url	https://github.com/advisories/GHSA-x32v-7qw8-cpq8

fixed_packages

url pkg:composer/moodle/moodle@3.0.7

purl pkg:composer/moodle/moodle@3.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7

url pkg:composer/moodle/moodle@3.1.3

purl pkg:composer/moodle/moodle@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-e2zc-7ujn-wybu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3

aliases CVE-2016-8642, GHSA-x32v-7qw8-cpq8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu

Fixing_vulnerabilities

url VCID-vb67-yux5-ayhf

vulnerability_id VCID-vb67-yux5-ayhf

summary

Weak Password Recovery Mechanism for Forgotten Password
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.

references

reference_url

https://github.com/moodle/moodle

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://github.com/moodle/moodle

reference_url

https://moodle.org/mod/forum/discuss.php?d=339631

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://moodle.org/mod/forum/discuss.php?d=339631

reference_url

http://www.securityfocus.com/bid/93174

reference_id

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

http://www.securityfocus.com/bid/93174

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2016-7038

reference_id

CVE-2016-7038

reference_type

scores

value	7.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

value	HIGH
scoring_system	generic_textual
scoring_elements

url

https://nvd.nist.gov/vuln/detail/CVE-2016-7038

fixed_packages

url pkg:composer/moodle/moodle@2.7.16

purl pkg:composer/moodle/moodle@2.7.16

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.16

url pkg:composer/moodle/moodle@2.9.8

purl pkg:composer/moodle/moodle@2.9.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8

url pkg:composer/moodle/moodle@3.0.6

purl pkg:composer/moodle/moodle@3.0.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6

url pkg:composer/moodle/moodle@3.1.2

purl pkg:composer/moodle/moodle@3.1.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-k1bh-ymgt-e7cd

vulnerability	VCID-v54t-5thx-1beu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2

aliases CVE-2016-7038, GHSA-2phx-w35g-x9vm

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6

Package Instance