Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/54105?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54105?format=api", "purl": "pkg:composer/moodle/moodle@3.0.10", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.0.10", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.1.5", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39173?format=api", "vulnerability_id": "VCID-83kb-4mk9-t7ge", "summary": "Information Exposure\nStudents can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=361784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=361784" }, { "reference_url": "http://www.securityfocus.com/bid/101909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101909" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15110", "reference_id": "CVE-2017-15110", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15110" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54108?format=api", "purl": "pkg:composer/moodle/moodle@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/54109?format=api", "purl": "pkg:composer/moodle/moodle@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": 
"VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" } ], "aliases": [ "CVE-2017-15110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38851?format=api", "vulnerability_id": "VCID-9nd7-4wve-97hc", "summary": "Information Exposure\nVarious course reports allow teachers to view details about users in the groups they cannot access.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=358586", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=358586" }, { "reference_url": "http://www.securityfocus.com/bid/100848", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100848" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12157", "reference_id": "CVE-2017-12157", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12157" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54106?format=api", "purl": "pkg:composer/moodle/moodle@3.1.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": 
"VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/54107?format=api", "purl": "pkg:composer/moodle/moodle@3.2.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": "VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/53785?format=api", "purl": "pkg:composer/moodle/moodle@3.3.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-83kb-4mk9-t7ge" }, { "vulnerability": "VCID-zgzm-wj81-jkah" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.2" } ], "aliases": [ "CVE-2017-12157" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9nd7-4wve-97hc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40471?format=api", "vulnerability_id": "VCID-bjnq-q2nd-1khp", "summary": "Cross-Site Request Forgery (CSRF)\nThe login form is not protected by a token to prevent login cross-site request forgery.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-63183" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16854" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=378731", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=378731" }, { "reference_url": 
"http://www.securityfocus.com/bid/106017", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/106017" }, { "reference_url": "http://www.securitytracker.com/id/1042154", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securitytracker.com/id/1042154" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16854", "reference_id": "CVE-2018-16854", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-16854" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57083?format=api", "purl": "pkg:composer/moodle/moodle@3.1.15", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-336n-hpzg-euhd" }, { "vulnerability": "VCID-9t4u-n1pn-w3bd" }, { "vulnerability": "VCID-k73h-z6j8-gkgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/57084?format=api", "purl": "pkg:composer/moodle/moodle@3.3.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/57085?format=api", "purl": "pkg:composer/moodle/moodle@3.4.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-336n-hpzg-euhd" }, { "vulnerability": "VCID-k73h-z6j8-gkgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/57086?format=api", "purl": "pkg:composer/moodle/moodle@3.5.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-336n-hpzg-euhd" }, { "vulnerability": "VCID-k73h-z6j8-gkgz" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.3" } ], "aliases": [ "CVE-2018-16854" ], "risk_score": 
null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-bjnq-q2nd-1khp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=api", "vulnerability_id": "VCID-k73h-z6j8-gkgz", "summary": "Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810", "reference_id": "CVE-2019-3810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/57641?format=api", "purl": "pkg:composer/moodle/moodle@3.4.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3810" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=api", "vulnerability_id": "VCID-m4zv-e3dn-budf", "summary": "Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=367938", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=367938" }, { "reference_url": "http://www.securityfocus.com/bid/103728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081", "reference_id": "CVE-2018-1081", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55318?format=api", "purl": "pkg:composer/moodle/moodle@3.1.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": 
"VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/55319?format=api", "purl": "pkg:composer/moodle/moodle@3.2.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/55320?format=api", "purl": "pkg:composer/moodle/moodle@3.3.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/55321?format=api", "purl": "pkg:composer/moodle/moodle@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2" } ], "aliases": [ "CVE-2018-1081" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40246?format=api", "vulnerability_id": 
"VCID-vfp6-4h8n-bkax", "summary": "Code Injection\nMoodle is vulnerable to an XML import of ddwtos could lead to intentional remote code execution. When importing legacy `drag and drop into text` (ddwtos) type quiz questions, it was possible to inject and execute PHP code from within the imported questions, either intentionally or by importing questions from an untrusted source.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-62880" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14630" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=376023", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=376023" }, { "reference_url": "http://www.securityfocus.com/bid/105354", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/105354" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14630", "reference_id": "CVE-2018-14630", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-14630" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/56464?format=api", "purl": "pkg:composer/moodle/moodle@3.1.14", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.14" }, { "url": "http://public2.vulnerablecode.io/api/packages/56461?format=api", "purl": "pkg:composer/moodle/moodle@3.3.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.8" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/56462?format=api", "purl": "pkg:composer/moodle/moodle@3.4.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/56463?format=api", "purl": "pkg:composer/moodle/moodle@3.5.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.2" } ], "aliases": [ "CVE-2018-14630" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vfp6-4h8n-bkax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=api", "vulnerability_id": "VCID-zgzm-wj81-jkah", "summary": "Cross-site Scripting\nMoodle has an XSS in the contact form on the \"non-respondents\" page in non-anonymous feedback.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=358585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=358585" }, { "reference_url": "http://www.securityfocus.com/bid/100867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100867" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12156", "reference_id": "CVE-2017-12156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12156" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54108?format=api", "purl": "pkg:composer/moodle/moodle@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9" }, { 
"url": "http://public2.vulnerablecode.io/api/packages/54109?format=api", "purl": "pkg:composer/moodle/moodle@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" } ], "aliases": [ "CVE-2017-12156" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.10" }