Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.9.11
Type composer
Namespace moodle
Name moodle
Version 3.9.11
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.9.12
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-hk13-uc46-87h1
vulnerability_id VCID-hk13-uc46-87h1
summary
Exposure of Resource to Wrong Sphere
Insufficient capability checks could lead to users accessing their grade report for courses where they do not have the required `gradereport/user:view` capability.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2043664
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2043664
1
reference_url https://moodle.org/mod/forum/discuss.php?d=431102
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=431102
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2022-0334
reference_id CVE-2022-0334
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2022-0334
fixed_packages
0
url pkg:composer/moodle/moodle@3.9.12
purl pkg:composer/moodle/moodle@3.9.12
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12
1
url pkg:composer/moodle/moodle@3.10.9
purl pkg:composer/moodle/moodle@3.10.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-95f1-6g3r-rkg4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9
2
url pkg:composer/moodle/moodle@3.11.5
purl pkg:composer/moodle/moodle@3.11.5
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5
aliases CVE-2022-0334
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-hk13-uc46-87h1
Fixing_vulnerabilities
0
url VCID-164m-humk-1fe3
vulnerability_id VCID-164m-humk-1fe3
summary
Exposure of Resource to Wrong Sphere
Insufficient capability checks made it possible to fetch other users' calendar action events.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2021519
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2021519
1
reference_url https://moodle.org/mod/forum/discuss.php?d=429100
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=429100
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43560
reference_id CVE-2021-43560
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-43560
fixed_packages
0
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
1
url pkg:composer/moodle/moodle@3.9.11
purl pkg:composer/moodle/moodle@3.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hk13-uc46-87h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11
2
url pkg:composer/moodle/moodle@3.10.8
purl pkg:composer/moodle/moodle@3.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8
3
url pkg:composer/moodle/moodle@3.11.4
purl pkg:composer/moodle/moodle@3.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4
aliases CVE-2021-43560
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-164m-humk-1fe3
1
url VCID-p3ge-1cqt-tufw
vulnerability_id VCID-p3ge-1cqt-tufw
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
A URL parameter in the filetype site administrator tool requires extra sanitizing to prevent a reflected XSS risk.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2021515
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2021515
1
reference_url https://moodle.org/mod/forum/discuss.php?d=429097
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=429097
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43558
reference_id CVE-2021-43558
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-43558
fixed_packages
0
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
1
url pkg:composer/moodle/moodle@3.9.11
purl pkg:composer/moodle/moodle@3.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hk13-uc46-87h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11
2
url pkg:composer/moodle/moodle@3.10.8
purl pkg:composer/moodle/moodle@3.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8
3
url pkg:composer/moodle/moodle@3.11.4
purl pkg:composer/moodle/moodle@3.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4
aliases CVE-2021-43558
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p3ge-1cqt-tufw
2
url VCID-u32t-89zc-v3gj
vulnerability_id VCID-u32t-89zc-v3gj
summary
Cross-Site Request Forgery (CSRF)
The `delete related badge` functionality does not include the necessary token check to prevent a CSRF risk.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2021517
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2021517
1
reference_url https://moodle.org/mod/forum/discuss.php?d=429099
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=429099
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-43559
reference_id CVE-2021-43559
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-43559
fixed_packages
0
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
1
url pkg:composer/moodle/moodle@3.9.11
purl pkg:composer/moodle/moodle@3.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hk13-uc46-87h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11
2
url pkg:composer/moodle/moodle@3.10.8
purl pkg:composer/moodle/moodle@3.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8
3
url pkg:composer/moodle/moodle@3.11.4
purl pkg:composer/moodle/moodle@3.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4
aliases CVE-2021-43559
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-u32t-89zc-v3gj
3
url VCID-zf4q-a4cz-y7dh
vulnerability_id VCID-zf4q-a4cz-y7dh
summary
Improper Input Validation
A flaw was found in Moodle to to to unsupported versions. A remote code execution risk when restoring backup files was identified.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=2021963
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=2021963
1
reference_url https://moodle.org/mod/forum/discuss.php?d=429095
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=429095
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-3943
reference_id CVE-2021-3943
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-3943
fixed_packages
0
url pkg:composer/moodle/moodle@3.9.11
purl pkg:composer/moodle/moodle@3.9.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-hk13-uc46-87h1
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11
1
url pkg:composer/moodle/moodle@3.10.8
purl pkg:composer/moodle/moodle@3.10.8
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8
2
url pkg:composer/moodle/moodle@3.11.4
purl pkg:composer/moodle/moodle@3.11.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4
aliases CVE-2021-3943
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zf4q-a4cz-y7dh
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11