Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.6.3
Type composer
Namespace moodle
Name moodle
Version 3.6.3
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.6.4
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-deur-8zdf-2kh2
vulnerability_id VCID-deur-8zdf-2kh2
summary
Improper Input Validation
The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134
1
reference_url https://moodle.org/mod/forum/discuss.php?d=386524
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=386524
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10134
reference_id CVE-2019-10134
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10134
fixed_packages
0
url pkg:composer/moodle/moodle@3.6.4
purl pkg:composer/moodle/moodle@3.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4
aliases CVE-2019-10134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2
1
url VCID-qxsq-ku22-r7gx
vulnerability_id VCID-qxsq-ku22-r7gx
summary
URL Redirection to Untrusted Site (Open Redirect)
The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133
1
reference_url https://moodle.org/mod/forum/discuss.php?d=386523
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=386523
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-10133
reference_id CVE-2019-10133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-10133
fixed_packages
0
url pkg:composer/moodle/moodle@3.6.4
purl pkg:composer/moodle/moodle@3.6.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4
aliases CVE-2019-10133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx
Fixing_vulnerabilities
0
url VCID-akv3-zfp8-kkc7
vulnerability_id VCID-akv3-zfp8-kkc7
summary
Permissions, Privileges, and Access Controls
There was a link to site home within the Boost theme's secure layout, meaning students could navigate out of the page.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851
1
reference_url https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=384014#p1547746
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3851
reference_id CVE-2019-3851
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3851
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
1
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3851
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-akv3-zfp8-kkc7
1
url VCID-eaf7-c68j-audm
vulnerability_id VCID-eaf7-c68j-audm
summary
Moodle context freezing
A vulnerability was found in Moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852
1
reference_url https://github.com/moodle/moodle
reference_id
reference_type
scores
url https://github.com/moodle/moodle
2
reference_url https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700
3
reference_url https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204
4
reference_url https://moodle.org/mod/forum/discuss.php?d=384015#p1547748
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=384015#p1547748
5
reference_url https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410
reference_id
reference_type
scores
url https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3852
reference_id CVE-2019-3852
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3852
7
reference_url https://github.com/advisories/GHSA-v2rh-5v88-rgvh
reference_id GHSA-v2rh-5v88-rgvh
reference_type
scores
url https://github.com/advisories/GHSA-v2rh-5v88-rgvh
fixed_packages
0
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3852, GHSA-v2rh-5v88-rgvh
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-eaf7-c68j-audm
2
url VCID-qhv1-wgpm-7fh6
vulnerability_id VCID-qhv1-wgpm-7fh6
summary
Improper Authorization
Users could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849
1
reference_url https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=384012#p1547744
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3849
reference_id CVE-2019-3849
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3849
fixed_packages
0
url pkg:composer/moodle/moodle@3.4.8
purl pkg:composer/moodle/moodle@3.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8
1
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
2
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3849
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6
3
url VCID-r6kn-b963-eqge
vulnerability_id VCID-r6kn-b963-eqge
summary
URL Redirection to Untrusted Site (Open Redirect)
Links within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850
1
reference_url https://moodle.org/mod/forum/discuss.php?d=384013#p1547745
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=384013#p1547745
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3850
reference_id CVE-2019-3850
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3850
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.17
purl pkg:composer/moodle/moodle@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17
1
url pkg:composer/moodle/moodle@3.4.8
purl pkg:composer/moodle/moodle@3.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8
2
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
3
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3850
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge
4
url VCID-s6uu-335k-yfbc
vulnerability_id VCID-s6uu-335k-yfbc
summary
Improper Input Validation
Users with the "login as other users" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847
1
reference_url https://moodle.org/mod/forum/discuss.php?d=384010#p1547742
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=384010#p1547742
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3847
reference_id CVE-2019-3847
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3847
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.17
purl pkg:composer/moodle/moodle@3.1.17
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17
1
url pkg:composer/moodle/moodle@3.4.8
purl pkg:composer/moodle/moodle@3.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8
2
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
3
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3847
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc
5
url VCID-zjrq-np3y-hua5
vulnerability_id VCID-zjrq-np3y-hua5
summary
Information Exposure
Permissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848
1
reference_url https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=384011#p1547743
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2019-3848
reference_id CVE-2019-3848
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2019-3848
fixed_packages
0
url pkg:composer/moodle/moodle@3.4.8
purl pkg:composer/moodle/moodle@3.4.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8
1
url pkg:composer/moodle/moodle@3.5.5
purl pkg:composer/moodle/moodle@3.5.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5
2
url pkg:composer/moodle/moodle@3.6.3
purl pkg:composer/moodle/moodle@3.6.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-deur-8zdf-2kh2
1
vulnerability VCID-qxsq-ku22-r7gx
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3
aliases CVE-2019-3848
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3