Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54110?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.3.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.3.6", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39322?format=api", "vulnerability_id": "VCID-ajkr-fxa1-mkhk", "summary": "Cross-site Scripting\nMoodle is vulnerable to XSS via a calendar event name.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364384", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364384" }, { "reference_url": "http://www.securityfocus.com/bid/102755", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102755" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1045", "reference_id": "CVE-2018-1045", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1045" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" } ], "aliases": [ "CVE-2018-1045" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=api", "vulnerability_id": "VCID-duna-st9c-mqbk", "summary": "Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364383" }, { "reference_url": "http://www.securityfocus.com/bid/102754", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044", "reference_id": "CVE-2018-1044", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39328?format=api", "vulnerability_id": "VCID-nc2j-pay7-ryab", "summary": "Insufficient Access Control\nThe setting for blocked hosts list can be bypassed with multiple A record `hostnames`.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364382" }, { "reference_url": "http://www.securityfocus.com/bid/102769", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102769" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043", "reference_id": "CVE-2018-1043", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1043" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=api", "vulnerability_id": "VCID-yghg-775s-vber", "summary": "Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364381" }, { "reference_url": "http://www.securityfocus.com/bid/102752", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102752" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042", "reference_id": "CVE-2018-1042", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1042" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39173?format=api", "vulnerability_id": "VCID-83kb-4mk9-t7ge", "summary": "Information Exposure\nStudents can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=361784", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=361784" }, { "reference_url": "http://www.securityfocus.com/bid/101909", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/101909" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15110", "reference_id": "CVE-2017-15110", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-15110" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54108?format=api", "purl": "pkg:composer/moodle/moodle@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/54109?format=api", "purl": "pkg:composer/moodle/moodle@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" } ], "aliases": [ "CVE-2017-15110" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/38850?format=api", "vulnerability_id": "VCID-zgzm-wj81-jkah", "summary": "Cross-site Scripting\nMoodle has an XSS in the contact form on the \"non-respondents\" page in non-anonymous feedback.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=358585", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=358585" }, { "reference_url": "http://www.securityfocus.com/bid/100867", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/100867" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12156", "reference_id": "CVE-2017-12156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2017-12156" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54108?format=api", "purl": "pkg:composer/moodle/moodle@3.1.9", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/54109?format=api", "purl": "pkg:composer/moodle/moodle@3.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/54110?format=api", "purl": "pkg:composer/moodle/moodle@3.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-ajkr-fxa1-mkhk" }, { "vulnerability": "VCID-duna-st9c-mqbk" }, { "vulnerability": "VCID-nc2j-pay7-ryab" }, { "vulnerability": "VCID-yghg-775s-vber" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" } ], "aliases": [ "CVE-2017-12156" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3" }