Package Instance
Lookup for vulnerable packages by Package URL.
GET /api/packages/62480?format=api
{ "url": "http://public2.vulnerablecode.io/api/packages/62480?format=api", "purl": "pkg:composer/moodle/moodle@2.3.4", "type": "composer", "namespace": "moodle", "name": "moodle", "version": "2.3.4", "qualifiers": {}, "subpath": "", "is_vulnerable": false, "next_non_vulnerable_version": "2.3.5", "latest_non_vulnerable_version": "5.1.2", "affected_by_vulnerabilities": [], "fixing_vulnerabilities": [ { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43610?format=api", "vulnerability_id": "VCID-1uce-2wtr-8bfg", "summary": "Improper Input Validation\nThe moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/01/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/01/21/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10" }, { "reference_url": "https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=220160", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=220160" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6099", "reference_id": "CVE-2012-6099", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6099" }, { "reference_url": "https://github.com/advisories/GHSA-cr78-rphw-w73p", "reference_id": "GHSA-cr78-rphw-w73p", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-cr78-rphw-w73p" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62387?format=api", "purl": "pkg:composer/moodle/moodle@2.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsp-tbwq-1qhf" }, { "vulnerability": "VCID-b2tv-8q9g-qqfz" }, { "vulnerability": "VCID-vgxb-fkuj-9fgk" }, { "vulnerability": "VCID-y15n-cf9z-dyc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62479?format=api", "purl": "pkg:composer/moodle/moodle@2.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62480?format=api", "purl": "pkg:composer/moodle/moodle@2.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62481?format=api", "purl": "pkg:composer/moodle/moodle@2.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1" } ], "aliases": [ "CVE-2012-6099", "GHSA-cr78-rphw-w73p" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-1uce-2wtr-8bfg" }, { "url": "http://public2.vulnerablecode.io/api/vulnerabilities/43533?format=api", "vulnerability_id": "VCID-mh2f-ytz5-9fhg", "summary": "PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests\nclasses/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.", "references": [ { "reference_url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283", "reference_id": "", "reference_type": "", "scores": [], "url": "http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283" }, { "reference_url": "http://openwall.com/lists/oss-security/2013/01/21/1", "reference_id": "", "reference_type": "", "scores": [], "url": "http://openwall.com/lists/oss-security/2013/01/21/1" }, { "reference_url": "https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0" }, { "reference_url": "https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3" }, { "reference_url": "https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a" }, { "reference_url": "https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb" }, { "reference_url": "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=220157", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=220157" }, { "reference_url": "https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell" }, { "reference_url": "https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036", "reference_id": "", "reference_type": "", "scores": [], "url": "https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6112", "reference_id": "CVE-2012-6112", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2012-6112" }, { "reference_url": "https://github.com/advisories/GHSA-fx5h-3786-h2w6", "reference_id": "GHSA-fx5h-3786-h2w6", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-fx5h-3786-h2w6" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/62387?format=api", "purl": "pkg:composer/moodle/moodle@2.1.10", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2vsp-tbwq-1qhf" }, { "vulnerability": "VCID-b2tv-8q9g-qqfz" }, { "vulnerability": "VCID-vgxb-fkuj-9fgk" }, { "vulnerability": "VCID-y15n-cf9z-dyc4" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.10" }, { "url": "http://public2.vulnerablecode.io/api/packages/62479?format=api", "purl": "pkg:composer/moodle/moodle@2.2.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/62480?format=api", "purl": "pkg:composer/moodle/moodle@2.3.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/62481?format=api", "purl": "pkg:composer/moodle/moodle@2.4.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1" } ], "aliases": [ "CVE-2012-6112", "GHSA-fx5h-3786-h2w6" ], "risk_score": null, "exploitability": null, "weighted_severity": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2f-ytz5-9fhg" } ], "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4" }