Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/53200?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/53200?format=api", "purl": "pkg:composer/moodle/moodle@3.2.0", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.2.9", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38613?format=api", "vulnerability_id": "VCID-2dxb-v1af-jbax", "summary": "Cross-Site Request Forgery (CSRF)\nA CSRF attack is possible that allows attackers to change the \"number of courses displayed in the course overview block\" configuration setting.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=352355", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=352355" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7491", "reference_id": "CVE-2017-7491", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7491" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53398?format=api", "purl": "pkg:composer/moodle/moodle@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q2fa-jymp-c3bb" }, { "vulnerability": "VCID-yp82-zj5g-pbaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3" } ], "aliases": [ "CVE-2017-7491" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2dxb-v1af-jbax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38525?format=api", "vulnerability_id": "VCID-2qjr-wjh1-8fh6", "summary": "Information Exposure\nIn Moodle global search displays user names for unauthenticated users.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/96978", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96978" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2643", "reference_id": "CVE-2017-2643", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2643" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53388?format=api", "purl": "pkg:composer/moodle/moodle@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dxb-v1af-jbax" }, { "vulnerability": "VCID-5rbf-4dz3-2qdz" }, { "vulnerability": "VCID-b1q7-u3cx-ukej" }, { "vulnerability": "VCID-vtq4-fpr8-hudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2" } ], "aliases": [ "CVE-2017-2643" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2qjr-wjh1-8fh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38615?format=api", "vulnerability_id": "VCID-5rbf-4dz3-2qdz", "summary": "Improper Privilege Management\nRemote authenticated users can take ownership of arbitrary blogs by editing an external blog link.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=352353", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=352353" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7489", "reference_id": "CVE-2017-7489", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7489" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53398?format=api", "purl": "pkg:composer/moodle/moodle@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q2fa-jymp-c3bb" }, { "vulnerability": "VCID-yp82-zj5g-pbaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3" } ], "aliases": [ "CVE-2017-7489" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5rbf-4dz3-2qdz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38453?format=api", "vulnerability_id": "VCID-65y9-9ur2-pugc", "summary": "Improper Input Validation\nThere is incorrect sanitization of attributes in forums.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=345912", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=345912" }, { "reference_url": "http://www.securityfocus.com/bid/95649", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95649" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2576", "reference_id": "CVE-2017-2576", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2576" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53202?format=api", "purl": "pkg:composer/moodle/moodle@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qjr-wjh1-8fh6" }, { "vulnerability": "VCID-dhku-uah4-ykh8" }, { "vulnerability": "VCID-jn5n-6hg9-tyf7" }, { "vulnerability": "VCID-x927-nh46-7fdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1" } ], "aliases": [ "CVE-2017-2576" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39173?format=api", "vulnerability_id": "VCID-83kb-4mk9-t7ge", "summary": "Information Exposure\nStudents can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=361784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=361784" }, { "reference_url": "http://www.securityfocus.com/bid/101909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101909" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15110", "reference_id": "CVE-2017-15110", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15110" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54109?format=api", "purl": "pkg:composer/moodle/moodle@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" } ], "aliases": [ "CVE-2017-15110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38851?format=api", "vulnerability_id": "VCID-9nd7-4wve-97hc", "summary": "Information Exposure\nVarious course reports allow teachers to view details about users in the groups they cannot access.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=358586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=358586" }, { "reference_url": "http://www.securityfocus.com/bid/100848", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100848" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12157", "reference_id": "CVE-2017-12157", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12157" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54107?format=api", "purl": "pkg:composer/moodle/moodle@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": "VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/53785?format=api", "purl": "pkg:composer/moodle/moodle@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": "VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2" } ], "aliases": [ "CVE-2017-12157" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39322?format=api", "vulnerability_id": "VCID-ajkr-fxa1-mkhk", "summary": "Cross-site Scripting\nMoodle is vulnerable to XSS via a calendar event name.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364384" }, { "reference_url": "http://www.securityfocus.com/bid/102755", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102755" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1045", "reference_id": "CVE-2018-1045", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1045" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" } ], "aliases": [ "CVE-2018-1045" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39653?format=api", "vulnerability_id": "VCID-b7br-bh2d-rygp", "summary": "Improper Input Validation\nAn issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=371204" }, { "reference_url": "http://www.securityfocus.com/bid/104307", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1137", "reference_id": "CVE-2018-1137", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1137" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55491?format=api", "purl": "pkg:composer/moodle/moodle@3.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/55492?format=api", "purl": "pkg:composer/moodle/moodle@3.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api", "purl": "pkg:composer/moodle/moodle@3.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3" } ], "aliases": [ "CVE-2018-1137" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39655?format=api", "vulnerability_id": "VCID-ckg1-9vpt-yfdk", "summary": "Improper Privilege Management\nAn issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371200", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=371200" }, { "reference_url": "http://www.securityfocus.com/bid/104307", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1134", "reference_id": "CVE-2018-1134", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55491?format=api", "purl": "pkg:composer/moodle/moodle@3.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/55492?format=api", "purl": "pkg:composer/moodle/moodle@3.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api", "purl": "pkg:composer/moodle/moodle@3.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3" } ], "aliases": [ "CVE-2018-1134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38523?format=api", "vulnerability_id": "VCID-dhku-uah4-ykh8", "summary": "SQL Injection\nAn SQL injection can occur via user preferences.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/96977", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96977" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2641", "reference_id": "CVE-2017-2641", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2641" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53388?format=api", "purl": "pkg:composer/moodle/moodle@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dxb-v1af-jbax" }, { "vulnerability": "VCID-5rbf-4dz3-2qdz" }, { "vulnerability": "VCID-b1q7-u3cx-ukej" }, { "vulnerability": "VCID-vtq4-fpr8-hudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2" } ], "aliases": [ "CVE-2017-2641" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-dhku-uah4-ykh8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=api", "vulnerability_id": "VCID-duna-st9c-mqbk", "summary": "Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364383" }, { "reference_url": "http://www.securityfocus.com/bid/102754", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044", "reference_id": "CVE-2018-1044", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38451?format=api", "vulnerability_id": "VCID-e2zc-7ujn-wybu", "summary": "Cross-site Scripting\nThere is XSS in the assignment submission page.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=345915", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=345915" }, { "reference_url": "http://www.securityfocus.com/bid/95647", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/95647" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2578", "reference_id": "CVE-2017-2578", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2578" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53202?format=api", "purl": "pkg:composer/moodle/moodle@3.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2qjr-wjh1-8fh6" }, { "vulnerability": "VCID-dhku-uah4-ykh8" }, { "vulnerability": "VCID-jn5n-6hg9-tyf7" }, { "vulnerability": "VCID-x927-nh46-7fdy" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1" } ], "aliases": [ "CVE-2017-2578" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2zc-7ujn-wybu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39657?format=api", "vulnerability_id": "VCID-fegs-ubsk-63hu", "summary": "Information Exposure\nAn issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371201", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=371201" }, { "reference_url": "http://www.securityfocus.com/bid/104307", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1135", "reference_id": "CVE-2018-1135", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1135" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55491?format=api", "purl": "pkg:composer/moodle/moodle@3.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/55492?format=api", "purl": "pkg:composer/moodle/moodle@3.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api", "purl": "pkg:composer/moodle/moodle@3.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3" } ], "aliases": [ "CVE-2018-1135" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39656?format=api", "vulnerability_id": "VCID-g8ct-c4ce-zuaf", "summary": "Cross-site Scripting\nAn issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371202", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=371202" }, { "reference_url": "http://www.securityfocus.com/bid/104307", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1136", "reference_id": "CVE-2018-1136", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1136" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55491?format=api", "purl": "pkg:composer/moodle/moodle@3.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/55492?format=api", "purl": "pkg:composer/moodle/moodle@3.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api", "purl": "pkg:composer/moodle/moodle@3.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3" } ], "aliases": [ "CVE-2018-1136" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38522?format=api", "vulnerability_id": "VCID-jn5n-6hg9-tyf7", "summary": "Cross-site Scripting\nAn XSS can occur via evidence of prior learning.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/96979", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96979" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2644", "reference_id": "CVE-2017-2644", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2644" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53388?format=api", "purl": "pkg:composer/moodle/moodle@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dxb-v1af-jbax" }, { "vulnerability": "VCID-5rbf-4dz3-2qdz" }, { "vulnerability": "VCID-b1q7-u3cx-ukej" }, { "vulnerability": "VCID-vtq4-fpr8-hudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2" } ], "aliases": [ "CVE-2017-2644" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jn5n-6hg9-tyf7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=api", "vulnerability_id": "VCID-m4zv-e3dn-budf", "summary": "Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=367938", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=367938" }, { "reference_url": "http://www.securityfocus.com/bid/103728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081", "reference_id": "CVE-2018-1081", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55319?format=api", "purl": "pkg:composer/moodle/moodle@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/55320?format=api", "purl": "pkg:composer/moodle/moodle@3.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55321?format=api", "purl": "pkg:composer/moodle/moodle@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2" } ], "aliases": [ "CVE-2018-1081" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39328?format=api", "vulnerability_id": "VCID-nc2j-pay7-ryab", "summary": "Insufficient Access Control\nThe setting for blocked hosts list can be bypassed with multiple A record `hostnames`.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364382" }, { "reference_url": "http://www.securityfocus.com/bid/102769", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102769" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043", "reference_id": "CVE-2018-1043", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1043" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39654?format=api", "vulnerability_id": "VCID-p2gd-7uam-mqf8", "summary": "Injection Vulnerability\nAn issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=371199", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=371199" }, { "reference_url": "https://www.exploit-db.com/exploits/46551/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.exploit-db.com/exploits/46551/" }, { "reference_url": "http://www.securityfocus.com/bid/104307", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/104307" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1133", "reference_id": "CVE-2018-1133", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55491?format=api", "purl": "pkg:composer/moodle/moodle@3.2.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/55492?format=api", "purl": "pkg:composer/moodle/moodle@3.3.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/55493?format=api", "purl": "pkg:composer/moodle/moodle@3.4.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3" } ], "aliases": [ "CVE-2018-1133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38688?format=api", "vulnerability_id": "VCID-q2fa-jymp-c3bb", "summary": "Information Exposure\nMoodle has a user fullname disclosure through the user preferences page.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=355554", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=355554" }, { "reference_url": "http://www.securityfocus.com/bid/99606", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/99606" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2642", "reference_id": "CVE-2017-2642", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2642" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53784?format=api", "purl": "pkg:composer/moodle/moodle@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nd7-4wve-97hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/53785?format=api", "purl": "pkg:composer/moodle/moodle@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": "VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2" } ], "aliases": [ "CVE-2017-2642" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-q2fa-jymp-c3bb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38612?format=api", "vulnerability_id": "VCID-vtq4-fpr8-hudb", "summary": "Exposure of Resource to Wrong Sphere\nIn Moodle, searching of arbitrary blogs is possible because a capability check is missing.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=352354", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=352354" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7490", "reference_id": "CVE-2017-7490", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7490" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53398?format=api", "purl": "pkg:composer/moodle/moodle@3.2.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-q2fa-jymp-c3bb" }, { "vulnerability": "VCID-yp82-zj5g-pbaf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.3" } ], "aliases": [ "CVE-2017-7490" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vtq4-fpr8-hudb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38524?format=api", "vulnerability_id": "VCID-x927-nh46-7fdy", "summary": "Cross-site Scripting\nIn Moodle, an XSS can occur via attachments to evidence of prior learning.", "references": [ { "reference_url": "http://www.securityfocus.com/bid/96982", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/96982" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2645", "reference_id": "CVE-2017-2645", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-2645" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53388?format=api", "purl": "pkg:composer/moodle/moodle@3.2.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2dxb-v1af-jbax" }, { "vulnerability": "VCID-5rbf-4dz3-2qdz" }, { "vulnerability": "VCID-b1q7-u3cx-ukej" }, { "vulnerability": "VCID-vtq4-fpr8-hudb" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.2" } ], "aliases": [ "CVE-2017-2645" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x927-nh46-7fdy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=api", "vulnerability_id": "VCID-yghg-775s-vber", "summary": "Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364381" }, { "reference_url": "http://www.securityfocus.com/bid/102752", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102752" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042", "reference_id": "CVE-2018-1042", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1042" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38681?format=api", "vulnerability_id": "VCID-yp82-zj5g-pbaf", "summary": "Improper Privilege Management\nCourse creators are able to change system default settings for courses.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=355556", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=355556" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7532", "reference_id": "CVE-2017-7532", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-7532" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/53784?format=api", "purl": "pkg:composer/moodle/moodle@3.2.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-9nd7-4wve-97hc" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/53785?format=api", "purl": "pkg:composer/moodle/moodle@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": "VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2" } ], "aliases": [ "CVE-2017-7532" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yp82-zj5g-pbaf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=api", "vulnerability_id": "VCID-zgzm-wj81-jkah", "summary": "Cross-site Scripting\nMoodle has an XSS in the contact form on the \"non-respondents\" page in non-anonymous feedback.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=358585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=358585" }, { "reference_url": "http://www.securityfocus.com/bid/100867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100867" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12156", "reference_id": "CVE-2017-12156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12156" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54109?format=api", "purl": "pkg:composer/moodle/moodle@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" } ], "aliases": [ "CVE-2017-12156" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.0" }