Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/61522?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/61522?format=api", "purl": "pkg:composer/moodle/moodle@2.2.0", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.2.0", "qualifiers": {}, "subpath": "", "is_vulnerable": true, "next_non_vulnerable_version": "2.2.2", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43610?format=api", "vulnerability_id": "VCID-1uce-2wtr-8bfg", "summary": "Improper Input Validation\nThe moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/01/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/01/21/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10" }, { "reference_url": "https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=220160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=220160" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6099", "reference_id": "CVE-2012-6099", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6099" }, { "reference_url": "https://github.com/advisories/GHSA-cr78-rphw-w73p", "reference_id": "GHSA-cr78-rphw-w73p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cr78-rphw-w73p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62479?format=api", "purl": "pkg:composer/moodle/moodle@2.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62480?format=api", "purl": "pkg:composer/moodle/moodle@2.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62481?format=api", "purl": "pkg:composer/moodle/moodle@2.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1" } ], "aliases": [ "CVE-2012-6099", "GHSA-cr78-rphw-w73p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1uce-2wtr-8bfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43760?format=api", "vulnerability_id": "VCID-29gm-tfg6-xkey", "summary": "Moodle Authentication Bypass in Question-Bank\nThe question-bank functionality in Moodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to bypass intended capability requirements and save questions via a save_question action.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-32239" }, { "reference_url": "http://openwall.com/lists/oss-security/2012/05/23/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2012/05/23/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/0f83dd10a1d013e77906c7be4560126bb14c6b5c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0f83dd10a1d013e77906c7be4560126bb14c6b5c" }, { "reference_url": "https://github.com/moodle/moodle/commit/29e247e44e983f230f248192ffac8e7b7abe37fd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/29e247e44e983f230f248192ffac8e7b7abe37fd" }, { "reference_url": "https://github.com/moodle/moodle/commit/51c5e6057c67687f5d872f8a228cfea275abf576", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/51c5e6057c67687f5d872f8a228cfea275abf576" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2356", "reference_id": "CVE-2012-2356", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2356" }, { "reference_url": "https://github.com/advisories/GHSA-3rqj-jchw-9cc7", "reference_id": "GHSA-3rqj-jchw-9cc7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-3rqj-jchw-9cc7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62800?format=api", "purl": "pkg:composer/moodle/moodle@2.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.3" } ], "aliases": [ "CVE-2012-2356", "GHSA-3rqj-jchw-9cc7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-29gm-tfg6-xkey" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43639?format=api", "vulnerability_id": "VCID-2vsp-tbwq-1qhf", "summary": "Moodle does not enforce the forceloginforprofiles setting\nuser/view.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not enforce the forceloginforprofiles setting, which allows remote attackers to obtain sensitive course-profile information by leveraging the guest role, as demonstrated by a Google search.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37481" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/3ecc63e9dbe29c6a5a8f65fa8e7980ba0fffb5a8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/3ecc63e9dbe29c6a5a8f65fa8e7980ba0fffb5a8" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225341", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=225341" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1830", "reference_id": "CVE-2013-1830", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1830" }, { "reference_url": "https://github.com/advisories/GHSA-8r7x-qq55-74v2", "reference_id": "GHSA-8r7x-qq55-74v2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-8r7x-qq55-74v2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1830", "GHSA-8r7x-qq55-74v2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-2vsp-tbwq-1qhf" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43504?format=api", "vulnerability_id": "VCID-41up-e414-hyba", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the File Picker module in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allow remote authenticated users to inject arbitrary web script or HTML via a crafted filename.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37507" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225344", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=225344" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1833", "reference_id": "CVE-2013-1833", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1833" }, { "reference_url": "https://github.com/advisories/GHSA-89f3-74m6-g27g", "reference_id": "GHSA-89f3-74m6-g27g", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-89f3-74m6-g27g" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1833", "GHSA-89f3-74m6-g27g" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-41up-e414-hyba" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43004?format=api", "vulnerability_id": "VCID-4cdk-8y5v-nba1", "summary": "Insertion of Sensitive Information into Log File\nMoodle before 2.2.2 has users' private files included in course backups", "references": [ { "reference_url": "http://docs.moodle.org/dev/Moodle_2.0.8_release_notes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://docs.moodle.org/dev/Moodle_2.0.8_release_notes" }, { "reference_url": "http://docs.moodle.org/dev/Moodle_2.1.5_release_notes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://docs.moodle.org/dev/Moodle_2.1.5_release_notes" }, { "reference_url": "http://docs.moodle.org/dev/Moodle_2.2.2_release_notes", "reference_id": "", "reference_type": "", "scores": [], "url": "http://docs.moodle.org/dev/Moodle_2.2.2_release_notes" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1156" }, { "reference_url": "https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/37b6e7a03c77ea99fbe5224a15419e318019c570" }, { "reference_url": "https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ac6dc09c261219afa0191e9f2daf030bd071d272" }, { "reference_url": "https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f88224624dca76e1a8a2810fd8cc04292611f91c" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=198623", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=198623" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1156", "reference_id": "CVE-2012-1156", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2012-1156" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1156", "reference_id": "CVE-2012-1156", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1156" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1156", "reference_id": "CVE-2012-1156", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1156" }, { "reference_url": "https://github.com/advisories/GHSA-358r-g2xw-7c83", "reference_id": "GHSA-358r-g2xw-7c83", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-358r-g2xw-7c83" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61525?format=api", "purl": "pkg:composer/moodle/moodle@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2" } ], "aliases": [ "CVE-2012-1156", "GHSA-358r-g2xw-7c83" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-4cdk-8y5v-nba1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43679?format=api", "vulnerability_id": "VCID-b2tv-8q9g-qqfz", "summary": "Improper Input Validation\nThe MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/05/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/05/21/1" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=228935", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=228935" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2083", "reference_id": "CVE-2013-2083", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-2083" }, { "reference_url": "https://github.com/advisories/GHSA-m63h-q4x3-6hwj", "reference_id": "GHSA-m63h-q4x3-6hwj", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-m63h-q4x3-6hwj" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62266?format=api", "purl": "pkg:composer/moodle/moodle@2.2.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-qgn8-zs2m-vkc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62267?format=api", "purl": "pkg:composer/moodle/moodle@2.3.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62268?format=api", "purl": "pkg:composer/moodle/moodle@2.4.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4" } ], "aliases": [ "CVE-2013-2083", "GHSA-m63h-q4x3-6hwj" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-b2tv-8q9g-qqfz" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43746?format=api", "vulnerability_id": "VCID-c9kg-rsj3-b3bw", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nMoodle 2.1.x before 2.1.6 and 2.2.x before 2.2.3 allows remote authenticated users to obtain sensitive user information from hidden fields by leveraging the teacher role and navigating to \"Enrolled users\" under the Users Settings section.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-31923" }, { "reference_url": "http://openwall.com/lists/oss-security/2012/05/23/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2012/05/23/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a645b79113b2ee7881b6bdae64a0c2a9f04db5c7" }, { "reference_url": "https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ce13ea6ceb15f00c3cc6d40d79b06be39de7987a" }, { "reference_url": "https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cfaa50a61d61719c65aa7e26f5444852931e07b6" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2353", "reference_id": "CVE-2012-2353", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-2353" }, { "reference_url": "https://github.com/advisories/GHSA-mr97-gvvg-rhgh", "reference_id": "GHSA-mr97-gvvg-rhgh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mr97-gvvg-rhgh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62800?format=api", "purl": "pkg:composer/moodle/moodle@2.2.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.3" } ], "aliases": [ "CVE-2012-2353", "GHSA-mr97-gvvg-rhgh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-c9kg-rsj3-b3bw" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42995?format=api", "vulnerability_id": "VCID-e2hb-w8g1-xbax", "summary": "Incorrect Default Permissions\nMoodle before 2.2.2 has a default repository capabilities issue where all repositories are viewable by all users by default", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1157" }, { "reference_url": "https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/246c2cb8e5af71a7d7c605b8fc9f9563e0fb3bc4" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=198624", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=198624" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1157", "reference_id": "CVE-2012-1157", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2012-1157" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1157", "reference_id": "CVE-2012-1157", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1157" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1157", "reference_id": "CVE-2012-1157", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1157" }, { "reference_url": "https://github.com/advisories/GHSA-2x36-7xfm-pgm7", "reference_id": "GHSA-2x36-7xfm-pgm7", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2x36-7xfm-pgm7" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61525?format=api", "purl": "pkg:composer/moodle/moodle@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2" } ], "aliases": [ "CVE-2012-1157", "GHSA-2x36-7xfm-pgm7" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-e2hb-w8g1-xbax" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43468?format=api", "vulnerability_id": "VCID-et8t-f1u1-kudb", "summary": "Moodle Allows Unauthenticated Dropbox Access\nThe Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872" }, { "reference_url": "http://openwall.com/lists/oss-security/2012/11/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2012/11/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f" }, { "reference_url": "https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910" }, { "reference_url": "https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428" }, { "reference_url": "https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=216155", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=216155" }, { "reference_url": "https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5471", "reference_id": "CVE-2012-5471", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-5471" }, { "reference_url": "https://github.com/advisories/GHSA-mpjx-8phj-5m34", "reference_id": "GHSA-mpjx-8phj-5m34", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-mpjx-8phj-5m34" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62331?format=api", "purl": "pkg:composer/moodle/moodle@2.2.6", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uce-2wtr-8bfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.6" }, { "url": "http://public2.vulnerablecode.io/api/packages/62332?format=api", "purl": "pkg:composer/moodle/moodle@2.3.3", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1uce-2wtr-8bfg" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.3" } ], "aliases": [ "CVE-2012-5471", "GHSA-mpjx-8phj-5m34" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-et8t-f1u1-kudb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/42996?format=api", "vulnerability_id": "VCID-jbvt-9yy2-afb4", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nMoodle before 2.2.2: Overview report allows users to see hidden courses", "references": [ { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/077635.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078209.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-April/078210.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/080712.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2012-May/081047.html" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-1159" }, { "reference_url": "https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/31eae0eb1798642a2cabff2fdcf88af721632544" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=198628", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=198628" }, { "reference_url": "https://access.redhat.com/security/cve/cve-2012-1159", "reference_id": "CVE-2012-1159", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/cve-2012-1159" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1159", "reference_id": "CVE-2012-1159", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-1159" }, { "reference_url": "https://security-tracker.debian.org/tracker/CVE-2012-1159", "reference_id": "CVE-2012-1159", "reference_type": "", "scores": [], "url": "https://security-tracker.debian.org/tracker/CVE-2012-1159" }, { "reference_url": "https://github.com/advisories/GHSA-p9hr-f4xj-8w8r", "reference_id": "GHSA-p9hr-f4xj-8w8r", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p9hr-f4xj-8w8r" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61525?format=api", "purl": "pkg:composer/moodle/moodle@2.2.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.2" } ], "aliases": [ "CVE-2012-1159", "GHSA-p9hr-f4xj-8w8r" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-jbvt-9yy2-afb4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43533?format=api", "vulnerability_id": "VCID-mh2f-ytz5-9fhg", "summary": "PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests\nclasses/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/01/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/01/21/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0" }, { "reference_url": "https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3" }, { "reference_url": "https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a" }, { "reference_url": "https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb" }, { "reference_url": "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=220157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=220157" }, { "reference_url": "https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell" }, { "reference_url": "https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6112", "reference_id": "CVE-2012-6112", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6112" }, { "reference_url": "https://github.com/advisories/GHSA-fx5h-3786-h2w6", "reference_id": "GHSA-fx5h-3786-h2w6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fx5h-3786-h2w6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62479?format=api", "purl": "pkg:composer/moodle/moodle@2.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62480?format=api", "purl": "pkg:composer/moodle/moodle@2.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62481?format=api", "purl": "pkg:composer/moodle/moodle@2.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1" } ], "aliases": [ "CVE-2012-6112", "GHSA-fx5h-3786-h2w6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2f-ytz5-9fhg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43499?format=api", "vulnerability_id": "VCID-vgxb-fkuj-9fgk", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nrepository/webdav/lib.php in Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 includes the WebDAV password in the configuration form, which allows remote authenticated administrators to obtain sensitive information by configuring an instance.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37681" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0e94caf991d4e399726e5dc0769873d9f753a727" }, { "reference_url": "https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/46eec6e46b89a7e8e3f08e460d917f2d1a2959d8" }, { "reference_url": "https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/92e592385784ec7ea5b5328a0c3c1608d321ad32" }, { "reference_url": "https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ce96f23fe15ce6addc2f56af015452c3ea406190" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225343", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=225343" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1832", "reference_id": "CVE-2013-1832", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1832" }, { "reference_url": "https://github.com/advisories/GHSA-pgp5-rcwp-qvfg", "reference_id": "GHSA-pgp5-rcwp-qvfg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-pgp5-rcwp-qvfg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1832", "GHSA-pgp5-rcwp-qvfg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-vgxb-fkuj-9fgk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43696?format=api", "vulnerability_id": "VCID-y15n-cf9z-dyc4", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/setuplib.php in Moodle through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote attackers to obtain sensitive information via an invalid request, which reveals the absolute path in an exception message.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36901" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101310.html" }, { "reference_url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html", "reference_id": "", "reference_type": "", "scores": [], "url": "http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101358.html" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/03/25/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/03/25/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/2c7cdbb3b0b6ba4dd64297463d37a5acbd730216", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/2c7cdbb3b0b6ba4dd64297463d37a5acbd730216" }, { "reference_url": "https://github.com/moodle/moodle/commit/53c66110a878f4f4644728138ea97c22990263e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/53c66110a878f4f4644728138ea97c22990263e3" }, { "reference_url": "https://github.com/moodle/moodle/commit/8d220cb552d9c55b98aef70e2f40ef560efeb79b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8d220cb552d9c55b98aef70e2f40ef560efeb79b" }, { "reference_url": "https://github.com/moodle/moodle/commit/b3daaada49a2dd83a4f1e832465d5c318f9f275c", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b3daaada49a2dd83a4f1e832465d5c318f9f275c" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=225342", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=225342" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1831", "reference_id": "CVE-2013-1831", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-1831" }, { "reference_url": "https://github.com/advisories/GHSA-xr24-jp5c-6c4v", "reference_id": "GHSA-xr24-jp5c-6c4v", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-xr24-jp5c-6c4v" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62388?format=api", "purl": "pkg:composer/moodle/moodle@2.2.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62389?format=api", "purl": "pkg:composer/moodle/moodle@2.3.5", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.5" }, { "url": "http://public2.vulnerablecode.io/api/packages/62390?format=api", "purl": "pkg:composer/moodle/moodle@2.4.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.2" } ], "aliases": [ "CVE-2013-1831", "GHSA-xr24-jp5c-6c4v" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y15n-cf9z-dyc4" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43454?format=api", "vulnerability_id": "VCID-yyug-rt71-yfds", "summary": "Moodle Users Can Bypass Deleted Status\nThe webservices functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 allows remote authenticated users to bypass the deleted status and continue using a server via a token.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-28126" }, { "reference_url": "http://moodle.org/mod/forum/discuss.php?d=194016", "reference_id": "", "reference_type": "", "scores": [], "url": "http://moodle.org/mod/forum/discuss.php?d=194016" }, { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=783532", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=783532" }, { "reference_url": "https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/364622b4662d9f349f3701ed548cda2f31491fea" }, { "reference_url": "https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/bbcde38b334ecbfa2a18b01b77a7e995b2c0d9f7" }, { "reference_url": "https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dbfa519ad9e4d33ac3a4cd506d606d56a2f0bbff" }, { "reference_url": "https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e922d9a90bab337b1082fbe28c352c18cae2580e" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0797", "reference_id": "CVE-2012-0797", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-0797" }, { "reference_url": "https://github.com/advisories/GHSA-72gv-qqrp-h9qg", "reference_id": "GHSA-72gv-qqrp-h9qg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-72gv-qqrp-h9qg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/61523?format=api", "purl": "pkg:composer/moodle/moodle@2.2.1", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-4cdk-8y5v-nba1" }, { "vulnerability": "VCID-e2hb-w8g1-xbax" }, { "vulnerability": "VCID-jbvt-9yy2-afb4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.1" } ], "aliases": [ "CVE-2012-0797", "GHSA-72gv-qqrp-h9qg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-yyug-rt71-yfds" } ], "fixing_vulnerabilities": [], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.0" }