Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/57657?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "3.6.3", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "3.6.4", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41135?format=api", "vulnerability_id": "VCID-deur-8zdf-2kh2", "summary": "Improper Input Validation\nThe size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=386524", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=386524" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134", "reference_id": "CVE-2019-10134", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10134" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58258?format=api", "purl": "pkg:composer/moodle/moodle@3.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4" } ], "aliases": [ "CVE-2019-10134" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/41132?format=api", "vulnerability_id": "VCID-qxsq-ku22-r7gx", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nThe form to upload cohorts contained a redirect field, which was not restricted to internal URLs.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=386523", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=386523" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133", "reference_id": "CVE-2019-10133", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-10133" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/58258?format=api", "purl": "pkg:composer/moodle/moodle@3.6.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4" } ], "aliases": [ "CVE-2019-10133" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx" } ], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40840?format=api", "vulnerability_id": "VCID-akv3-zfp8-kkc7", "summary": "Permissions, Privileges, and Access Controls\nThere was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384014#p1547746", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384014#p1547746" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3851", "reference_id": "CVE-2019-3851", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3851" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api", "purl": "pkg:composer/moodle/moodle@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3851" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-akv3-zfp8-kkc7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43638?format=api", "vulnerability_id": "VCID-eaf7-c68j-audm", "summary": "Moodle context freezing\nA vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700" }, { "reference_url": "https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384015#p1547748", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384015#p1547748" }, { "reference_url": "https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3852", "reference_id": "CVE-2019-3852", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3852" }, { "reference_url": "https://github.com/advisories/GHSA-v2rh-5v88-rgvh", "reference_id": "GHSA-v2rh-5v88-rgvh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-v2rh-5v88-rgvh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3852", "GHSA-v2rh-5v88-rgvh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-eaf7-c68j-audm" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40841?format=api", "vulnerability_id": "VCID-qhv1-wgpm-7fh6", "summary": "Improper Authorization\nUsers could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384012#p1547744", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384012#p1547744" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3849", "reference_id": "CVE-2019-3849", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3849" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57658?format=api", "purl": "pkg:composer/moodle/moodle@3.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api", "purl": "pkg:composer/moodle/moodle@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3849" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40842?format=api", "vulnerability_id": "VCID-r6kn-b963-eqge", "summary": "URL Redirection to Untrusted Site (Open Redirect)\nLinks within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384013#p1547745" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3850", "reference_id": "CVE-2019-3850", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3850" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57662?format=api", "purl": "pkg:composer/moodle/moodle@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/57658?format=api", "purl": "pkg:composer/moodle/moodle@3.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api", "purl": "pkg:composer/moodle/moodle@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3850" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40847?format=api", "vulnerability_id": "VCID-s6uu-335k-yfbc", "summary": "Improper Input Validation\nUsers with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384010#p1547742" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3847", "reference_id": "CVE-2019-3847", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3847" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57662?format=api", "purl": "pkg:composer/moodle/moodle@3.1.17", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17" }, { "url": "http://public2.vulnerablecode.io/api/packages/57658?format=api", "purl": "pkg:composer/moodle/moodle@3.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api", "purl": "pkg:composer/moodle/moodle@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3847" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/40843?format=api", "vulnerability_id": "VCID-zjrq-np3y-hua5", "summary": "Information Exposure\nPermissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.", "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=384011#p1547743", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=384011#p1547743" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3848", "reference_id": "CVE-2019-3848", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2019-3848" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/57658?format=api", "purl": "pkg:composer/moodle/moodle@3.4.8", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/57656?format=api", "purl": "pkg:composer/moodle/moodle@3.5.5", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/57657?format=api", "purl": "pkg:composer/moodle/moodle@3.6.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-deur-8zdf-2kh2" }, { "vulnerability": "VCID-qxsq-ku22-r7gx" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" } ], "aliases": [ "CVE-2019-3848" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3" }