Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57634?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.1.16", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.1.18", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40837?format=api", "vulnerability_id": "VCID-336n-hpzg-euhd", "summary": "Cross-site Scripting\nThe 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808", "reference_id": "CVE-2019-3808", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/57641?format=api", "purl": "pkg:composer/moodle/moodle@3.4.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3808" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40833?format=api", "vulnerability_id": "VCID-9t4u-n1pn-w3bd", "summary": "Server-Side Request Forgery (SSRF)\nThe mybackpack functionality allowed setting the URL of badges, when it should be restricted to the Mozilla Open Badges backpack URL. This resulted in the possibility of blind SSRF via requests made by the page.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64222" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3809" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381229#p1536766", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381229#p1536766" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3809", "reference_id": "CVE-2019-3809", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3809" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" } ], "aliases": [ "CVE-2019-3809" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9t4u-n1pn-w3bd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=api", "vulnerability_id": "VCID-k73h-z6j8-gkgz", "summary": "Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810", "reference_id": "CVE-2019-3810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/57641?format=api", "purl": "pkg:composer/moodle/moodle@3.4.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3810" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" }