Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/14715?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/14715?format=api", "vulnerability_id": "VCID-u9f3-sbjk-pygw", "summary": "Improper Control of Generation of Code ('Code Injection')\nCRLF injection vulnerability in calendar/set.php in the Calendar component in Moodle 1.9.x before 1.9.15, 2.0.x before 2.0.6, 2.1.x before 2.1.3, and 2.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors involving the url variable.", "aliases": [ { "alias": "CVE-2011-4203" }, { "alias": "GHSA-4w8m-96v9-2c86" } ], "fixed_packages": [], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/49933?format=api", "purl": "pkg:composer/moodle/moodle@2.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m87-uyah-9kat" }, { "vulnerability": "VCID-364d-q9tm-4ket" }, { "vulnerability": "VCID-5u1f-df9m-x3en" }, { "vulnerability": "VCID-5vy6-nqht-hfa5" }, { "vulnerability": "VCID-7see-ex7a-9fdr" }, { "vulnerability": "VCID-8d1d-8x82-n7fj" }, { "vulnerability": "VCID-8q6b-cnmp-n3gv" }, { "vulnerability": "VCID-8y2x-aqub-9ycv" }, { "vulnerability": "VCID-9ffw-35y1-9kcc" }, { "vulnerability": "VCID-ajfk-n1qs-hqdp" }, { "vulnerability": "VCID-bav3-bmte-w3gr" }, { "vulnerability": "VCID-bgbv-4kb1-3bhg" }, { "vulnerability": "VCID-e1jc-m337-k7bj" }, { "vulnerability": "VCID-era2-gy4n-6kdx" }, { "vulnerability": "VCID-f6mk-8r56-1yfe" }, { "vulnerability": "VCID-j9xy-97ps-7fht" }, { "vulnerability": "VCID-kr6a-2jmv-t7dh" }, { "vulnerability": "VCID-pj1q-4uex-e3d3" }, { "vulnerability": "VCID-pmh4-7sf4-pkec" }, { "vulnerability": "VCID-pswr-m2yd-tkfb" }, { "vulnerability": "VCID-qpns-23xm-qyhv" }, { "vulnerability": "VCID-rqx8-nq76-sugw" }, { "vulnerability": "VCID-rsgm-pmc9-dfbb" }, { "vulnerability": "VCID-t242-kuj7-zfg4" }, { "vulnerability": "VCID-t5ww-gsnd-3ycg" }, { "vulnerability": "VCID-u9f3-sbjk-pygw" }, { "vulnerability": "VCID-ut3x-gmbz-ukem" }, { "vulnerability": "VCID-vf82-m9gw-kud2" }, { "vulnerability": "VCID-yrzk-x3uu-zkcn" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/49935?format=api", "purl": "pkg:composer/moodle/moodle@2.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1m87-uyah-9kat" }, { "vulnerability": "VCID-364d-q9tm-4ket" }, { "vulnerability": "VCID-5vy6-nqht-hfa5" }, { "vulnerability": "VCID-7see-ex7a-9fdr" }, { "vulnerability": "VCID-8q6b-cnmp-n3gv" }, { "vulnerability": "VCID-du8m-h228-cff3" }, { "vulnerability": "VCID-e1jc-m337-k7bj" }, { "vulnerability": "VCID-hxhr-sxkm-nka6" }, { "vulnerability": "VCID-kdqf-c5py-sybt" }, { "vulnerability": "VCID-pj1q-4uex-e3d3" }, { "vulnerability": "VCID-pswr-m2yd-tkfb" }, { "vulnerability": "VCID-qjdf-s39r-5bdb" }, { "vulnerability": "VCID-t242-kuj7-zfg4" }, { "vulnerability": "VCID-t5ww-gsnd-3ycg" }, { "vulnerability": "VCID-u9f3-sbjk-pygw" }, { "vulnerability": "VCID-uhws-64fm-hybk" }, { "vulnerability": "VCID-vf82-m9gw-kud2" }, { "vulnerability": "VCID-xu4e-svgd-cygq" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.0" } ], "references": [ { "reference_url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle" }, { "reference_url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/", "reference_id": "", "reference_type": "", "scores": [], "url": "http://penturalabs.wordpress.com/2011/12/13/advisory-crlf-injection-vulnerability-in-moodle/" }, { "reference_url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4203", "reference_id": "", "reference_type": "", "scores": [ { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65218", "published_at": "2026-04-24T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65186", "published_at": "2026-04-08T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65199", "published_at": "2026-04-09T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65217", "published_at": "2026-04-11T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65205", "published_at": "2026-04-12T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65177", "published_at": "2026-04-13T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65212", "published_at": "2026-04-16T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65221", "published_at": "2026-04-18T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65204", "published_at": "2026-04-21T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65095", "published_at": "2026-04-01T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65145", "published_at": "2026-04-02T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65171", "published_at": "2026-04-04T12:55:00Z" }, { "value": "0.00483", "scoring_system": "epss", "scoring_elements": "0.65137", "published_at": "2026-04-07T12:55:00Z" } ], "url": "https://api.first.org/data/v1/epss?cve=CVE-2011-4203" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/581e8dba387f090d89382115fd850d8b44351526" }, { "reference_url": "https://github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/ae7cc577b7115a7ad7a68dc4986aca9e2bda2cf5" }, { "reference_url": "https://github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/bc577df6a974606fcb0882b090b00ea5a4e10cf6" }, { "reference_url": "https://github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://github.com/moodle/moodle/commit/e311b14364719b0f7851149ee51c1a4ec732635e" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=191754", "reference_id": "", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://moodle.org/mod/forum/discuss.php?d=191754" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4203", "reference_id": "CVE-2011-4203", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "generic_textual", "scoring_elements": "" } ], "url": "https://nvd.nist.gov/vuln/detail/CVE-2011-4203" }, { "reference_url": "https://github.com/advisories/GHSA-4w8m-96v9-2c86", "reference_id": "GHSA-4w8m-96v9-2c86", "reference_type": "", "scores": [ { "value": "MODERATE", "scoring_system": "cvssv3.1_qr", "scoring_elements": "" } ], "url": "https://github.com/advisories/GHSA-4w8m-96v9-2c86" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 94, "name": "Improper Control of Generation of Code ('Code Injection')", "description": "The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment." }, { "cwe_id": 113, "name": "Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Request/Response Splitting')", "description": "The product receives data from an HTTP agent/component (e.g., web server, proxy, browser, etc.), but it does not neutralize or incorrectly neutralizes CR and LF characters before the data is included in outgoing HTTP headers." }, { "cwe_id": 93, "name": "Improper Neutralization of CRLF Sequences ('CRLF Injection')", "description": "The product uses CRLF (carriage return line feeds) as a special element, e.g. to separate lines or records, but it does not neutralize or incorrectly neutralizes CRLF sequences from inputs." } ], "exploits": [], "severity_range_score": "4.0 - 6.9", "exploitability": "0.5", "weighted_severity": "6.2", "risk_score": 3.1, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-u9f3-sbjk-pygw" }