Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.5.18
Type composer
Namespace moodle
Name moodle
Version 3.5.18
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 3.6.2
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-2cdg-m3pq-ufe5
vulnerability_id VCID-2cdg-m3pq-ufe5
summary
Uncontrolled Resource Consumption
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=422310
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=422310
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32476
reference_id CVE-2021-32476
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32476
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.18
purl pkg:composer/moodle/moodle@3.5.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.18
1
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
2
url pkg:composer/moodle/moodle@3.9.7
purl pkg:composer/moodle/moodle@3.9.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7
3
url pkg:composer/moodle/moodle@3.10.4
purl pkg:composer/moodle/moodle@3.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4
aliases CVE-2021-32476
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2cdg-m3pq-ufe5
1
url VCID-bju3-sj3y-83e3
vulnerability_id VCID-bju3-sj3y-83e3
summary
Exposure of Sensitive Information to an Unauthorized Actor
It was possible for a student to view their quiz grade before it had been released, using a quiz web service. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=422307
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=422307
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32473
reference_id CVE-2021-32473
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32473
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.18
purl pkg:composer/moodle/moodle@3.5.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.18
1
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
2
url pkg:composer/moodle/moodle@3.9.7
purl pkg:composer/moodle/moodle@3.9.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7
3
url pkg:composer/moodle/moodle@3.10.4
purl pkg:composer/moodle/moodle@3.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4
aliases CVE-2021-32473
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bju3-sj3y-83e3
2
url VCID-cs5n-4bst-zfcj
vulnerability_id VCID-cs5n-4bst-zfcj
summary
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
An SQL injection risk existed on sites with MNet enabled and configured, via an XML-RPC call from the connected peer host. Note that this required site administrator access or access to the keypair. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=422308
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=422308
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32474
reference_id CVE-2021-32474
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32474
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.18
purl pkg:composer/moodle/moodle@3.5.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.18
1
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
2
url pkg:composer/moodle/moodle@3.9.7
purl pkg:composer/moodle/moodle@3.9.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7
3
url pkg:composer/moodle/moodle@3.10.4
purl pkg:composer/moodle/moodle@3.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4
aliases CVE-2021-32474
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cs5n-4bst-zfcj
3
url VCID-efq2-s2df-pqa1
vulnerability_id VCID-efq2-s2df-pqa1
summary
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
ID numbers displayed in the quiz grading report required additional sanitizing to prevent a stored XSS risk. Moodle 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=422309
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=422309
1
reference_url https://nvd.nist.gov/vuln/detail/CVE-2021-32475
reference_id CVE-2021-32475
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2021-32475
fixed_packages
0
url pkg:composer/moodle/moodle@3.5.18
purl pkg:composer/moodle/moodle@3.5.18
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.18
1
url pkg:composer/moodle/moodle@3.8.9
purl pkg:composer/moodle/moodle@3.8.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-57wg-wxss-jbaw
1
vulnerability VCID-hk13-uc46-87h1
2
vulnerability VCID-qfvz-hf8h-8bb3
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9
2
url pkg:composer/moodle/moodle@3.9.7
purl pkg:composer/moodle/moodle@3.9.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.7
3
url pkg:composer/moodle/moodle@3.10.4
purl pkg:composer/moodle/moodle@3.10.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.4
aliases CVE-2021-32475
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-efq2-s2df-pqa1
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.18