Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.7.17

Type composer

Namespace moodle

Name moodle

Version 2.7.17

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 2.7.19

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-65y9-9ur2-pugc

vulnerability_id VCID-65y9-9ur2-pugc

summary

Improper Input Validation
There is incorrect sanitization of attributes in forums.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=345912
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=345912

reference_url	http://www.securityfocus.com/bid/95649
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/95649

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-2576
reference_id	CVE-2017-2576
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-2576

fixed_packages

url pkg:composer/moodle/moodle@2.7.18

purl pkg:composer/moodle/moodle@2.7.18

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-vtq4-fpr8-hudb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.18

url pkg:composer/moodle/moodle@3.0.8

purl pkg:composer/moodle/moodle@3.0.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-vtq4-fpr8-hudb

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8

url pkg:composer/moodle/moodle@3.1.4

purl pkg:composer/moodle/moodle@3.1.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2dxb-v1af-jbax

vulnerability	VCID-5rbf-4dz3-2qdz

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-vtq4-fpr8-hudb

vulnerability	VCID-x927-nh46-7fdy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4

url pkg:composer/moodle/moodle@3.2.1

purl pkg:composer/moodle/moodle@3.2.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2qjr-wjh1-8fh6

vulnerability	VCID-dhku-uah4-ykh8

vulnerability	VCID-jn5n-6hg9-tyf7

vulnerability	VCID-x927-nh46-7fdy

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1

aliases CVE-2017-2576

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc

Fixing_vulnerabilities

url VCID-v54t-5thx-1beu

vulnerability_id VCID-v54t-5thx-1beu

summary

Improper Access Control
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.

references

reference_url	https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f
reference_id
reference_type
scores
url	https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f

reference_url	https://moodle.org/mod/forum/discuss.php?d=343275
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=343275

reference_url	https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441
reference_id
reference_type
scores
url	https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2016-8642
reference_id	CVE-2016-8642
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2016-8642

reference_url	https://github.com/advisories/GHSA-x32v-7qw8-cpq8
reference_id	GHSA-x32v-7qw8-cpq8
reference_type
scores
url	https://github.com/advisories/GHSA-x32v-7qw8-cpq8

fixed_packages

url pkg:composer/moodle/moodle@2.7.17

purl pkg:composer/moodle/moodle@2.7.17

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.17

url pkg:composer/moodle/moodle@2.9.9

purl pkg:composer/moodle/moodle@2.9.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.9

url pkg:composer/moodle/moodle@3.0.7

purl pkg:composer/moodle/moodle@3.0.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7

url pkg:composer/moodle/moodle@3.1.3

purl pkg:composer/moodle/moodle@3.1.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-65y9-9ur2-pugc

vulnerability	VCID-e2zc-7ujn-wybu

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3

aliases CVE-2016-8642, GHSA-x32v-7qw8-cpq8

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.17

Package Instance