Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62291?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.8.6", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.8.7", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43737?format=api", "vulnerability_id": "VCID-62yh-cpfr-9bb1", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nlib/navigationlib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to obtain sensitive course-structure information by leveraging access to a student account with a suspended enrolment.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49788" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/032f18c4a50d472cddd2cb52a627d19b75921f16", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/032f18c4a50d472cddd2cb52a627d19b75921f16" }, { "reference_url": "https://github.com/moodle/moodle/commit/271477f593c4acbb84c620015fad19f08282629e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/271477f593c4acbb84c620015fad19f08282629e" }, { "reference_url": "https://github.com/moodle/moodle/commit/8b4568500b305f7ddedbca355b73ce34ea4afbc0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8b4568500b305f7ddedbca355b73ce34ea4afbc0" }, { "reference_url": "https://github.com/moodle/moodle/commit/b7d307e80761e1c5b310958223640055d23b83f6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b7d307e80761e1c5b310958223640055d23b83f6" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313687", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313687" }, { "reference_url": "https://web.archive.org/web/20200228054132/http://www.securityfocus.com/bid/74729", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054132/http://www.securityfocus.com/bid/74729" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3180", "reference_id": "CVE-2015-3180", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3180" }, { "reference_url": "https://github.com/advisories/GHSA-688p-pgj4-77hh", "reference_id": "GHSA-688p-pgj4-77hh", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-688p-pgj4-77hh" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3180", "GHSA-688p-pgj4-77hh" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-62yh-cpfr-9bb1" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43752?format=api", "vulnerability_id": "VCID-g4hn-yz26-1beb", "summary": "Moodle allows attackers to bypass intended login restrictions\nlogin/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to bypass intended login restrictions by leveraging access to an unconfirmed suspended account.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50090" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/78ec6751fc57bb17bb67c26870fea396390b9937" }, { "reference_url": "https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/811ae9f082697495248c6c87ec80aeaf88c851fc" }, { "reference_url": "https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/98c38993fd6cbd78bf5819c68c55fcfded6467c0" }, { "reference_url": "https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f236dcc35c3595dfcc77932d84660056e982a310" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313686", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313686" }, { "reference_url": "https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054915/http://www.securityfocus.com/bid/74725" }, { "reference_url": "https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200501000000*/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3179", "reference_id": "CVE-2015-3179", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3179" }, { "reference_url": "https://github.com/advisories/GHSA-4ppg-2mx6-fqx9", "reference_id": "GHSA-4ppg-2mx6-fqx9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-4ppg-2mx6-fqx9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3179", "GHSA-4ppg-2mx6-fqx9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-g4hn-yz26-1beb" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43627?format=api", "vulnerability_id": "VCID-gvan-87dt-b7fp", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nmod/quiz/db/access.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not set the RISK_XSS bit for graders, which allows remote authenticated users to conduct cross-site scripting (XSS) attacks via crafted gradebook feedback during manual quiz grading.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49941" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/10c2b92448873a8479942098a090e7c16b44438d", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/10c2b92448873a8479942098a090e7c16b44438d" }, { "reference_url": "https://github.com/moodle/moodle/commit/1ce4f44df7e793051211841b6a78ac77bd42fc99", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/1ce4f44df7e793051211841b6a78ac77bd42fc99" }, { "reference_url": "https://github.com/moodle/moodle/commit/39ae18a2f90fcf392a711dd41f9aa7627f72a762", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/39ae18a2f90fcf392a711dd41f9aa7627f72a762" }, { "reference_url": "https://github.com/moodle/moodle/commit/e51fdfe0cbab19320f139773d83aacb1ad15eb46", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e51fdfe0cbab19320f139773d83aacb1ad15eb46" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313681", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313681" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "http://www.securityfocus.com/bid/74719https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74719", "reference_id": "", "reference_type": "", "scores": [], "url": "http://www.securityfocus.com/bid/74719https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74719" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3174", "reference_id": "CVE-2015-3174", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3174" }, { "reference_url": "https://github.com/advisories/GHSA-6r7x-6q98-qcqp", "reference_id": "GHSA-6r7x-6q98-qcqp", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6r7x-6q98-qcqp" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3174", "GHSA-6r7x-6q98-qcqp" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-gvan-87dt-b7fp" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43527?format=api", "vulnerability_id": "VCID-n9uc-b76m-8fbs", "summary": "Moodle allows attackers to bypass file-management restrictions\nfiles/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 does not consider the moodle/user:manageownfiles capability before approving a private-file upload, which allows remote authenticated users to bypass intended file-management restrictions by using web services to perform uploads after this capability has been revoked.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49994" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/350397da93c557f577e7d62e7fc3e233792ad171" }, { "reference_url": "https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4b6b64685affa66784fd238c1bbc1eb0651492a0" }, { "reference_url": "https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/57d9a750e3da6708dba13513e9b05e84a895ad9f" }, { "reference_url": "https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/8e8ee7530427a10e409386657484e9fd5effc438" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313688", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313688" }, { "reference_url": "https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054133/http://www.securityfocus.com/bid/74728" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3181", "reference_id": "CVE-2015-3181", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3181" }, { "reference_url": "https://github.com/advisories/GHSA-622h-cjgg-5mx6", "reference_id": "GHSA-622h-cjgg-5mx6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-622h-cjgg-5mx6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3181", "GHSA-622h-cjgg-5mx6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-n9uc-b76m-8fbs" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43437?format=api", "vulnerability_id": "VCID-s3bw-w61k-eqhy", "summary": "Exposure of Sensitive Information to an Unauthorized Actor\nThe account-confirmation feature in login/confirm.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote attackers to obtain sensitive full-name information by attempting to self-register.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50099" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/4f8b6d567494375017c4bc2228e1668d13b21645", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/4f8b6d567494375017c4bc2228e1668d13b21645" }, { "reference_url": "https://github.com/moodle/moodle/commit/80eb5bc7b7da4927d2d8021e8c18cbd3a8093406", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/80eb5bc7b7da4927d2d8021e8c18cbd3a8093406" }, { "reference_url": "https://github.com/moodle/moodle/commit/d5922686e7622e1aa58b9b31633f0906f5be2eb3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d5922686e7622e1aa58b9b31633f0906f5be2eb3" }, { "reference_url": "https://github.com/moodle/moodle/commit/e2e7e35da31ef174589d54f70e791d6acefb59c9", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e2e7e35da31ef174589d54f70e791d6acefb59c9" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313683", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313683" }, { "reference_url": "https://web.archive.org/web/20200228054912/http://www.securityfocus.com/bid/74644", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054912/http://www.securityfocus.com/bid/74644" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3176", "reference_id": "CVE-2015-3176", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3176" }, { "reference_url": "https://github.com/advisories/GHSA-fqrg-vmvj-jv3x", "reference_id": "GHSA-fqrg-vmvj-jv3x", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fqrg-vmvj-jv3x" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3176", "GHSA-fqrg-vmvj-jv3x" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-s3bw-w61k-eqhy" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43546?format=api", "vulnerability_id": "VCID-uptz-tj66-7yfk", "summary": "Moodle Arbitrary Redirect\nMultiple open redirect vulnerabilities in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an error page that links to a URL from an HTTP Referer header.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49179" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b2687a055dc990ca86ddce178d5aee3fb1df644a" }, { "reference_url": "https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/dd0607b7bbaff38cc62e4d00658c02da3fdbb4c8" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313682", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313682" }, { "reference_url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201030042703/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20210122155902/http://www.securityfocus.com/bid/74720" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3175", "reference_id": "CVE-2015-3175", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3175" }, { "reference_url": "https://github.com/advisories/GHSA-h798-h7ff-93xv", "reference_id": "GHSA-h798-h7ff-93xv", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-h798-h7ff-93xv" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3175", "GHSA-h798-h7ff-93xv" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-uptz-tj66-7yfk" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43532?format=api", "vulnerability_id": "VCID-wavt-rrws-3yhs", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the external_format_text function in lib/externallib.php in Moodle through 2.5.9, 2.6.x before 2.6.11, 2.7.x before 2.7.8, and 2.8.x before 2.8.6 allows remote authenticated users to inject arbitrary web script or HTML into an external application via a crafted string that is visible to web services.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-49718" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/05/18/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/05/18/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/28947c1d7d9c53781989b9da7ceb2cafdd144749" }, { "reference_url": "https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/2c7d13dba37aa0c850c62037b951efd6dc1b0f78" }, { "reference_url": "https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/77067fbb3a248ac2f1fa4b3c20e5b81f768940e5" }, { "reference_url": "https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7f5bd0da0e25feb3b6da3908b6672a58af82e12f" }, { "reference_url": "https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/b4da1e0ae4f63ef0bb14b8bf5c0b86cd00f2af4b" }, { "reference_url": "https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d62d36c657a5df45ee286722490abb7901381da6" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=313685", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=313685" }, { "reference_url": "https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20200228054910/http://www.securityfocus.com/bid/74726" }, { "reference_url": "https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20201201000000*/http://www.securitytracker.com/id/1032358" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3178", "reference_id": "CVE-2015-3178", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3178" }, { "reference_url": "https://github.com/advisories/GHSA-9fmw-m4qx-6cq8", "reference_id": "GHSA-9fmw-m4qx-6cq8", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-9fmw-m4qx-6cq8" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/52559?format=api", "purl": "pkg:composer/moodle/moodle@2.6.11", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-37pj-u3gh-n7fd" }, { "vulnerability": "VCID-4cx7-eaax-8uhr" }, { "vulnerability": "VCID-an53-nu91-k3d7" }, { "vulnerability": "VCID-b9ej-hx7z-1bb8" }, { "vulnerability": "VCID-eaqp-7abt-6kg9" }, { "vulnerability": "VCID-k6pw-51st-b3d2" }, { "vulnerability": "VCID-xmm4-zw49-3feh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.6.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/62290?format=api", "purl": "pkg:composer/moodle/moodle@2.7.8", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.8" }, { "url": "http://public2.vulnerablecode.io/api/packages/62291?format=api", "purl": "pkg:composer/moodle/moodle@2.8.6", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" } ], "aliases": [ "CVE-2015-3178", "GHSA-9fmw-m4qx-6cq8" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-wavt-rrws-3yhs" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.6" }