Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.1.10

Type composer

Namespace moodle

Name moodle

Version 3.1.10

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.1.12

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-m4zv-e3dn-budf

vulnerability_id VCID-m4zv-e3dn-budf

summary

Improper Access Control
Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=367938
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=367938

reference_url	http://www.securityfocus.com/bid/103728
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103728

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1081
reference_id	CVE-2018-1081
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1081

fixed_packages

url pkg:composer/moodle/moodle@3.1.11

purl pkg:composer/moodle/moodle@3.1.11

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-p2gd-7uam-mqf8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11

url pkg:composer/moodle/moodle@3.2.8

purl pkg:composer/moodle/moodle@3.2.8

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-p2gd-7uam-mqf8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8

url pkg:composer/moodle/moodle@3.3.5

purl pkg:composer/moodle/moodle@3.3.5

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-p2gd-7uam-mqf8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5

url pkg:composer/moodle/moodle@3.4.2

purl pkg:composer/moodle/moodle@3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-p2gd-7uam-mqf8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2

aliases CVE-2018-1081

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf

Fixing_vulnerabilities

url VCID-ajkr-fxa1-mkhk

vulnerability_id VCID-ajkr-fxa1-mkhk

summary

Cross-site Scripting
Moodle is vulnerable to XSS via a calendar event name.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364384
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364384

reference_url	http://www.securityfocus.com/bid/102755
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102755

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1045
reference_id	CVE-2018-1045
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1045

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

aliases CVE-2018-1045

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk

url VCID-duna-st9c-mqbk

vulnerability_id VCID-duna-st9c-mqbk

summary

Information Exposure
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364383
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364383

reference_url	http://www.securityfocus.com/bid/102754
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102754

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1044
reference_id	CVE-2018-1044
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1044

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1044

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk

url VCID-yghg-775s-vber

vulnerability_id VCID-yghg-775s-vber

summary

Server-Side Request Forgery (SSRF)
Moodle has Server Side Request Forgery in the `filepicker`.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364381
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364381

reference_url	http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102752

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1042
reference_id	CVE-2018-1042
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1042

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1042

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

Package Instance