Package Instance
Look up vulnerable packages by Package URL.
GET /api/packages/57642?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.5.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "3.5.6", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40837?format=api", "vulnerability_id": "VCID-336n-hpzg-euhd", "summary": "Cross-site Scripting\nThe 'manage groups' capability did not have the 'XSS risk' flag assigned to it, but does have that access in certain places. Note that the capability is intended for use by trusted users, and is only assigned to teachers and managers by default.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64395" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3808" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381228#p1536765" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808", "reference_id": "CVE-2019-3808", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3808" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" }, { "url": 
"http://public2.vulnerablecode.io/api/packages/57641?format=api", "purl": "pkg:composer/moodle/moodle@3.4.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3808" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-336n-hpzg-euhd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40834?format=api", "vulnerability_id": "VCID-k73h-z6j8-gkgz", "summary": "Information Exposure\nThe `/userpix/` page did not escape users' full names, which are included as text when hovering over profile images. 
Note this page is not linked to by default and its access is restricted.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64372" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3810" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=381230#p1536767" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810", "reference_id": "CVE-2019-3810", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3810" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57634?format=api", "purl": "pkg:composer/moodle/moodle@3.1.16", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.16" }, { "url": "http://public2.vulnerablecode.io/api/packages/57641?format=api", "purl": "pkg:composer/moodle/moodle@3.4.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/57643?format=api", "purl": "pkg:composer/moodle/moodle@3.6.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": 
"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.2" } ], "aliases": [ "CVE-2019-3810" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-k73h-z6j8-gkgz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43862?format=api", "vulnerability_id": "VCID-x72x-7e66-yff3", "summary": "Moodle SSRF Vulnerability\nThe `edit_blog.php` script allows a registered user to add external RSS feed resources. It was identified that this feature could be abused to be used as a SSRF attack vector by adding a malicious URL/TCP PORT in order to target internal network or an internet hosted server, bypassing firewall rules, IP filtering and more.\n\nThis kind of vulnerability is then called “blind” because of no response available on Moodle web site, enforcing attacker to exploit it using a “time based” approach.", "references": [ { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://www.excellium-services.com/cert-xlm-advisory", "reference_id": "", "reference_type": "", "scores": [], "url": "https://www.excellium-services.com/cert-xlm-advisory" }, { "reference_url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-6970", "reference_id": "CVE-2019-6970", "reference_type": "", "scores": [], "url": "https://cds.thalesgroup.com/en/tcs-cert/CVE-2019-6970" }, { "reference_url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-6970", "reference_id": "CVE-2019-6970", "reference_type": "", "scores": [], "url": "https://excellium-services.com/cert-xlm-advisory/cve-2019-6970" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6970", "reference_id": "CVE-2019-6970", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-6970" }, { "reference_url": 
"https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970", "reference_id": "CVE-2019-6970", "reference_type": "", "scores": [], "url": "https://www.excellium-services.com/cert-xlm-advisory/cve-2019-6970" }, { "reference_url": "https://github.com/advisories/GHSA-vjxx-54vw-q59f", "reference_id": "GHSA-vjxx-54vw-q59f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-vjxx-54vw-q59f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57642?format=api", "purl": "pkg:composer/moodle/moodle@3.5.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" } ], "aliases": [ "CVE-2019-6970", "GHSA-vjxx-54vw-q59f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-x72x-7e66-yff3" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.4" }