Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62169?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.6.7", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.6.8", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43373?format=api", "vulnerability_id": "VCID-46jw-xjbu-b3f1", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in course/pending.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to inject arbitrary web script or HTML via a crafted course summary.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48368" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/38ca8793b6faa6c35176537c8015cc4e76ce73f5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/38ca8793b6faa6c35176537c8015cc4e76ce73f5" }, { "reference_url": "https://github.com/moodle/moodle/commit/7a15c996ebd90c776bae1a77573b95e8a43467b6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7a15c996ebd90c776bae1a77573b95e8a43467b6" }, { "reference_url": "https://github.com/moodle/moodle/commit/82356399b97be933c4d72f9c55b797e49b8c8232", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/82356399b97be933c4d72f9c55b797e49b8c8232" }, { "reference_url": "https://github.com/moodle/moodle/commit/b270bb0d75d2354b7fbf4b8ccf0b995037973684", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b270bb0d75d2354b7fbf4b8ccf0b995037973684" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278612" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0212", "reference_id": "CVE-2015-0212", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0212" }, { "reference_url": "https://github.com/advisories/GHSA-jj3j-mhgc-g4m4", "reference_id": "GHSA-jj3j-mhgc-g4m4", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-jj3j-mhgc-g4m4" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0212", "GHSA-jj3j-mhgc-g4m4" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-46jw-xjbu-b3f1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43378?format=api", "vulnerability_id": "VCID-5nfq-4syg-87da", "summary": "Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in auth/shibboleth/logout.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47964" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/371d58d70d4ef866f35e33ea6898007112bfe654" }, { "reference_url": "https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/693918c30e6b7c95dddd9c5973f98d98342a59d9" }, { "reference_url": "https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b82b4c562b705ea8f11893d9126889bb696b9612" }, { "reference_url": "https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fb60e23a67931eeba8fc9aacf3cc838e462f21f2" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278618", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278618" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0218", "reference_id": "CVE-2015-0218", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0218" }, { "reference_url": "https://github.com/advisories/GHSA-5jph-mvfm-r27p", "reference_id": "GHSA-5jph-mvfm-r27p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-5jph-mvfm-r27p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0218", "GHSA-5jph-mvfm-r27p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-5nfq-4syg-87da" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43385?format=api", "vulnerability_id": "VCID-95mq-m2jz-a3ab", "summary": "Moodle allows attackers to cause a denial of service\nfilter/mediaplugin/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48546" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/01da07a42be0f69de9f316be6ee8cb25ecd60c19", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/01da07a42be0f69de9f316be6ee8cb25ecd60c19" }, { "reference_url": "https://github.com/moodle/moodle/commit/25191bc31187f6381ad9fc690b653414ea3bc6d4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/25191bc31187f6381ad9fc690b653414ea3bc6d4" }, { "reference_url": "https://github.com/moodle/moodle/commit/531492a32cf77f90bc48c4868a5f71dd7040049f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/531492a32cf77f90bc48c4868a5f71dd7040049f" }, { "reference_url": "https://github.com/moodle/moodle/commit/5329d84f0b5767f5bb800b203bfb89753ac35146", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5329d84f0b5767f5bb800b203bfb89753ac35146" }, { "reference_url": "https://github.com/moodle/moodle/commit/63ed941a9363b6da3322df2b8de5be0d1df6d81a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/63ed941a9363b6da3322df2b8de5be0d1df6d81a" }, { "reference_url": "https://github.com/moodle/moodle/commit/70229b7ec718ee3929109c54de74a8d14264a166", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/70229b7ec718ee3929109c54de74a8d14264a166" }, { "reference_url": "https://github.com/moodle/moodle/commit/d11969e7775b0fc1a2debf6ec91e42d25b0eeecd", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d11969e7775b0fc1a2debf6ec91e42d25b0eeecd" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278617", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278617" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0217", "reference_id": "CVE-2015-0217", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0217" }, { "reference_url": "https://github.com/advisories/GHSA-p497-37fc-xvvc", "reference_id": "GHSA-p497-37fc-xvvc", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-p497-37fc-xvvc" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0217", "GHSA-p497-37fc-xvvc" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-95mq-m2jz-a3ab" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43388?format=api", "vulnerability_id": "VCID-9z66-z9af-17f7", "summary": "Moodle allows attackers to bypass a messaging-disabled setting\nmessage/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to bypass a messaging-disabled setting via a web-services request, as demonstrated by a people-search request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48329" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/436bbf8975f0daef329c6483ec595dbf9b39ee56", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/436bbf8975f0daef329c6483ec595dbf9b39ee56" }, { "reference_url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90" }, { "reference_url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6" }, { "reference_url": "https://github.com/moodle/moodle/commits/v2.6.7#:~:text=MDL%2D48106%20mod_glossary%3A%20Add%20missing%20sesskey%20checks", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commits/v2.6.7#:~:text=MDL%2D48106%20mod_glossary%3A%20Add%20missing%20sesskey%20checks" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278614", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278614" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0214", "reference_id": "CVE-2015-0214", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0214" }, { "reference_url": "https://github.com/advisories/GHSA-4jm2-c9jr-6prf", "reference_id": "GHSA-4jm2-c9jr-6prf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4jm2-c9jr-6prf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0214", "GHSA-4jm2-c9jr-6prf" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-9z66-z9af-17f7" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43579?format=api", "vulnerability_id": "VCID-a3pu-x51u-1udr", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allows remote authenticated users to obtain sensitive calendar-event information via a web-services request.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48017" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90" }, { "reference_url": "https://github.com/moodle/moodle/commit/76aea854f6877cc5accb288bc6ac60bc55d30788", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/76aea854f6877cc5accb288bc6ac60bc55d30788" }, { "reference_url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6" }, { "reference_url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278615", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278615" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0215", "reference_id": "CVE-2015-0215", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0215" }, { "reference_url": "https://github.com/advisories/GHSA-fr9m-pjmm-qx9f", "reference_id": "GHSA-fr9m-pjmm-qx9f", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fr9m-pjmm-qx9f" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0215", "GHSA-fr9m-pjmm-qx9f" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a3pu-x51u-1udr" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43551?format=api", "vulnerability_id": "VCID-aqc8-tmeg-9fdd", "summary": "Cross-Site Request Forgery (CSRF)\nMultiple cross-site request forgery (CSRF) vulnerabilities in (1) editcategories.html and (2) editcategories.php in the Glossary module in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 allow remote attackers to hijack the authentication of unspecified victims.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-48106" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5770e5147838aa06a3ecdff6fc3aebbbd17fff90" }, { "reference_url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/c4250ef4f23776ff4862d2860b6be2cf7b2d85f6" }, { "reference_url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e83c756f84e16ab70e160e08deb84e9bc4bfbfea" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278613", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278613" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0213", "reference_id": "CVE-2015-0213", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0213" }, { "reference_url": "https://github.com/advisories/GHSA-hhq7-jf2p-hw9c", "reference_id": "GHSA-hhq7-jf2p-hw9c", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-hhq7-jf2p-hw9c" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0213", "GHSA-hhq7-jf2p-hw9c" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-aqc8-tmeg-9fdd" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43537?format=api", "vulnerability_id": "VCID-y2vh-7r7h-9ugu", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nmod/lti/ajax.php in Moodle through 2.5.9, 2.6.x before 2.6.7, 2.7.x before 2.7.4, and 2.8.x before 2.8.2 does not consider the moodle/course:manageactivities and mod/lti:addinstance capabilities before proceeding with registered-tool list searches, which allows remote authenticated users to obtain sensitive information via requests to the LTI Ajax service.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-47920" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/01/19/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/01/19/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/52555c36989b6704550ed0b3c6e832f5e7e150b7" }, { "reference_url": "https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/da4c33f510aabc0d7443c29a7c097cfd54b6c4a4" }, { "reference_url": "https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/faf0cd9098517cd6274219b58f6f4a278d26455d" }, { "reference_url": "https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/fc6619d5c0bb297e6736880ff5353bb668048002" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=278611", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=278611" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0211", "reference_id": "CVE-2015-0211", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0211" }, { "reference_url": "https://github.com/advisories/GHSA-frhc-9hwc-x7j3", "reference_id": "GHSA-frhc-9hwc-x7j3", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-frhc-9hwc-x7j3" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62169?format=api", "purl": "pkg:composer/moodle/moodle@2.6.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62170?format=api", "purl": "pkg:composer/moodle/moodle@2.7.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62171?format=api", "purl": "pkg:composer/moodle/moodle@2.8.2", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.2" } ], "aliases": [ "CVE-2015-0211", "GHSA-frhc-9hwc-x7j3" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-y2vh-7r7h-9ugu" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.7" }