Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62469?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.9.1", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.9.2", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43529?format=api", "vulnerability_id": "VCID-37j1-ym2f-1fbc", "summary": "Moodle open redirect vulnerability\nOpen redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/07/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/07/13/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2" }, { "reference_url": "https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5" }, { "reference_url": "https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f" }, { "reference_url": "https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=316662", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=316662" }, { "reference_url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3272", "reference_id": "CVE-2015-3272", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3272" }, { "reference_url": "https://github.com/advisories/GHSA-2hw2-h3mf-c2j9", "reference_id": "GHSA-2hw2-h3mf-c2j9", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-2hw2-h3mf-c2j9" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62467?format=api", "purl": "pkg:composer/moodle/moodle@2.7.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/62468?format=api", "purl": "pkg:composer/moodle/moodle@2.8.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" } ], "aliases": [ "CVE-2015-3272", "GHSA-2hw2-h3mf-c2j9" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-37j1-ym2f-1fbc" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43703?format=api", "vulnerability_id": "VCID-emu7-jhv2-zqb8", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nCross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/07/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/07/13/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8" }, { "reference_url": "https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36" }, { "reference_url": "https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b" }, { "reference_url": "https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=316664", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=316664" }, { "reference_url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3274", "reference_id": "CVE-2015-3274", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3274" }, { "reference_url": "https://github.com/advisories/GHSA-f7qm-q26p-6rr2", "reference_id": "GHSA-f7qm-q26p-6rr2", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-f7qm-q26p-6rr2" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62467?format=api", "purl": "pkg:composer/moodle/moodle@2.7.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/62468?format=api", "purl": "pkg:composer/moodle/moodle@2.8.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" } ], "aliases": [ "CVE-2015-3274", "GHSA-f7qm-q26p-6rr2" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-emu7-jhv2-zqb8" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43743?format=api", "vulnerability_id": "VCID-v6ha-ekxw-7bfr", "summary": "Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nMultiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614" }, { "reference_url": "http://openwall.com/lists/oss-security/2015/07/13/2", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2015/07/13/2" }, { "reference_url": "https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e" }, { "reference_url": "https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8" }, { "reference_url": "https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e" }, { "reference_url": "https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=316665", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=316665" }, { "reference_url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3275", "reference_id": "CVE-2015-3275", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3275" }, { "reference_url": "https://github.com/advisories/GHSA-6922-5v25-p8jg", "reference_id": "GHSA-6922-5v25-p8jg", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-6922-5v25-p8jg" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62467?format=api", "purl": "pkg:composer/moodle/moodle@2.7.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/62468?format=api", "purl": "pkg:composer/moodle/moodle@2.8.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62469?format=api", "purl": "pkg:composer/moodle/moodle@2.9.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" } ], "aliases": [ "CVE-2015-3275", "GHSA-6922-5v25-p8jg" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ha-ekxw-7bfr" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1" }