Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57639?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57639?format=api", "purl": "pkg:composer/moodle/moodle@3.6.0", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.6.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.6.2", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40837?format=api", "vulnerability_id": "VCID-336n-hpzg-euhd", "summary": "Cross-site Scripting\nThe 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808", "reference_id": "CVE-2019-3808", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3808" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40840?format=api", "vulnerability_id": "VCID-akv3-zfp8-kkc7", "summary": "Permissions, Privileges, and Access Controls\nThere was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384014#p1547746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384014#p1547746" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3851", "reference_id": "CVE-2019-3851", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3851" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akv3-zfp8-kkc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41135?format=api", "vulnerability_id": "VCID-deur-8zdf-2kh2", "summary": "Improper Input Validation\nThe size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=386524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=386524" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134", "reference_id": "CVE-2019-10134", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58258?format=api", "purl": "pkg:composer/moodle/moodle@3.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4" } ], "aliases": [ "CVE-2019-10134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43638?format=api", "vulnerability_id": "VCID-eaf7-c68j-audm", "summary": "Moodle context freezing\nA vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700" }, { "reference_url": "https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384015#p1547748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384015#p1547748" }, { "reference_url": "https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3852", "reference_id": "CVE-2019-3852", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3852" }, { "reference_url": "https://github.com/advisories/GHSA-v2rh-5v88-rgvh", "reference_id": "GHSA-v2rh-5v88-rgvh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v2rh-5v88-rgvh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3852", "GHSA-v2rh-5v88-rgvh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaf7-c68j-audm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=api", "vulnerability_id": "VCID-k73h-z6j8-gkgz", "summary": "Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. Note this page is not linked to by default and its access is restricted.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810", "reference_id": "CVE-2019-3810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3810" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40841?format=api", "vulnerability_id": "VCID-qhv1-wgpm-7fh6", "summary": "Improper Authorization\nUsers could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384012#p1547744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384012#p1547744" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3849", "reference_id": "CVE-2019-3849", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3849" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41132?format=api", "vulnerability_id": "VCID-qxsq-ku22-r7gx", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nThe form to upload cohorts contained a redirect field, which was not restricted to internal URLs.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=386523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=386523" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133", "reference_id": "CVE-2019-10133", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58258?format=api", "purl": "pkg:composer/moodle/moodle@3.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4" } ], "aliases": [ "CVE-2019-10133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40842?format=api", "vulnerability_id": "VCID-r6kn-b963-eqge", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nLinks within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3850", "reference_id": "CVE-2019-3850", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3850" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40847?format=api", "vulnerability_id": "VCID-s6uu-335k-yfbc", "summary": "Improper Input Validation\nUsers with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3847", "reference_id": "CVE-2019-3847", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3847" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40843?format=api", "vulnerability_id": "VCID-zjrq-np3y-hua5", "summary": "Information Exposure\nPermissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384011#p1547743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384011#p1547743" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3848", "reference_id": "CVE-2019-3848", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3848" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.0" }