Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.1.9
Type composer
Namespace moodle
Name moodle
Version 2.1.9
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.1.11
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-1uce-2wtr-8bfg
vulnerability_id VCID-1uce-2wtr-8bfg
summary
Improper Input Validation
The moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977
1
reference_url http://openwall.com/lists/oss-security/2013/01/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/01/21/1
2
reference_url https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10
3
reference_url https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44
4
reference_url https://moodle.org/mod/forum/discuss.php?d=220160
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=220160
5
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-6099
reference_id CVE-2012-6099
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-6099
6
reference_url https://github.com/advisories/GHSA-cr78-rphw-w73p
reference_id GHSA-cr78-rphw-w73p
reference_type
scores
url https://github.com/advisories/GHSA-cr78-rphw-w73p
fixed_packages
0
url pkg:composer/moodle/moodle@2.1.10
purl pkg:composer/moodle/moodle@2.1.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2vsp-tbwq-1qhf
1
vulnerability VCID-b2tv-8q9g-qqfz
2
vulnerability VCID-vgxb-fkuj-9fgk
3
vulnerability VCID-y15n-cf9z-dyc4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.10
1
url pkg:composer/moodle/moodle@2.2.7
purl pkg:composer/moodle/moodle@2.2.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7
2
url pkg:composer/moodle/moodle@2.3.4
purl pkg:composer/moodle/moodle@2.3.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4
3
url pkg:composer/moodle/moodle@2.4.1
purl pkg:composer/moodle/moodle@2.4.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1
aliases CVE-2012-6099, GHSA-cr78-rphw-w73p
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1uce-2wtr-8bfg
Fixing_vulnerabilities
0
url VCID-et8t-f1u1-kudb
vulnerability_id VCID-et8t-f1u1-kudb
summary
Moodle Allows Unauthenticated Dropbox Access
The Dropbox Repository File Picker in Moodle 2.1.x before 2.1.9, 2.2.x before 2.2.6, and 2.3.x before 2.3.3 allows remote authenticated users to access the Dropbox of a different user by leveraging an unattended workstation after a logout.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-29872
1
reference_url http://openwall.com/lists/oss-security/2012/11/19/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2012/11/19/1
2
reference_url https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/8eb614d4bb4a80ed51520bca528530914082136f
3
reference_url https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a3433213a1a2346c145e004ab1dc08b58279f910
4
reference_url https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/c62a20c42b96f0195c4de075e5c58a4e7d381428
5
reference_url https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cd029574b699c74e55fa287f0b4db45d2dcf9fde
6
reference_url https://moodle.org/mod/forum/discuss.php?d=216155
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=216155
7
reference_url https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505
reference_id
reference_type
scores
url https://web.archive.org/web/20121202030020/http://www.securityfocus.com/bid/56505
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2012-5471
reference_id CVE-2012-5471
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2012-5471
9
reference_url https://github.com/advisories/GHSA-mpjx-8phj-5m34
reference_id GHSA-mpjx-8phj-5m34
reference_type
scores
url https://github.com/advisories/GHSA-mpjx-8phj-5m34
fixed_packages
0
url pkg:composer/moodle/moodle@2.1.9
purl pkg:composer/moodle/moodle@2.1.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.9
1
url pkg:composer/moodle/moodle@2.2.6
purl pkg:composer/moodle/moodle@2.2.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.6
2
url pkg:composer/moodle/moodle@2.3.3
purl pkg:composer/moodle/moodle@2.3.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-1uce-2wtr-8bfg
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.3
aliases CVE-2012-5471, GHSA-mpjx-8phj-5m34
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-et8t-f1u1-kudb
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.9