Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/54896?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.4.1", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.4.3", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39537?format=api", "vulnerability_id": "VCID-fygy-9njn-abgd", "summary": "Improper Authentication\nA flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=367939", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=367939" }, { "reference_url": "http://www.securityfocus.com/bid/103725", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103725" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1082", "reference_id": "CVE-2018-1082", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1082" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55321?format=api", "purl": "pkg:composer/moodle/moodle@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2" } ], "aliases": [ "CVE-2018-1082" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-fygy-9njn-abgd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=api", "vulnerability_id": "VCID-m4zv-e3dn-budf", "summary": "Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=367938", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=367938" }, { "reference_url": "http://www.securityfocus.com/bid/103728", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/103728" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081", "reference_id": "CVE-2018-1081", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1081" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/55321?format=api", "purl": "pkg:composer/moodle/moodle@3.4.2", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-b7br-bh2d-rygp" }, { "vulnerability": "VCID-ckg1-9vpt-yfdk" }, { "vulnerability": "VCID-fegs-ubsk-63hu" }, { "vulnerability": "VCID-g8ct-c4ce-zuaf" }, { "vulnerability": "VCID-p2gd-7uam-mqf8" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2" } ], "aliases": [ "CVE-2018-1081" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=api", "vulnerability_id": "VCID-duna-st9c-mqbk", "summary": "Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364383", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364383" }, { "reference_url": "http://www.securityfocus.com/bid/102754", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044", "reference_id": "CVE-2018-1044", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1044" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54885?format=api", "purl": "pkg:composer/moodle/moodle@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1044" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39328?format=api", "vulnerability_id": "VCID-nc2j-pay7-ryab", "summary": "Insufficient Access Control\nThe setting for blocked hosts list can be bypassed with multiple A record `hostnames`.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364382", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364382" }, { "reference_url": "http://www.securityfocus.com/bid/102769", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102769" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043", "reference_id": "CVE-2018-1043", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1043" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1043" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=api", "vulnerability_id": "VCID-yghg-775s-vber", "summary": "Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.", "references": [ { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=364381", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=364381" }, { "reference_url": "http://www.securityfocus.com/bid/102752", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/102752" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042", "reference_id": "CVE-2018-1042", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1042" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/54885?format=api", "purl": "pkg:composer/moodle/moodle@3.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/54886?format=api", "purl": "pkg:composer/moodle/moodle@3.2.7", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/54887?format=api", "purl": "pkg:composer/moodle/moodle@3.3.4", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/54896?format=api", "purl": "pkg:composer/moodle/moodle@3.4.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-fygy-9njn-abgd" }, { "vulnerability": "VCID-m4zv-e3dn-budf" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" } ], "aliases": [ "CVE-2018-1042" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1" }