Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/20539?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/20539?format=api", "vulnerability_id": "VCID-a6w6-penj-kuds", "summary": "Moodle has a time restriction bypass\nAn issue in Moodle's timed assignment feature allowed students to bypass the time restriction, potentially giving them more time than allowed to complete an assessment.", "aliases": [ { "alias": "CVE-2025-62401" }, { "alias": "GHSA-w29j-8phw-ffjf" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69873?format=api", "purl": "pkg:composer/moodle/moodle@4.1.21", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.21" }, { "url": "http://public2.vulnerablecode.io/api/packages/69872?format=api", "purl": "pkg:composer/moodle/moodle@4.4.11", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.4.11" }, { "url": "http://public2.vulnerablecode.io/api/packages/69871?format=api", "purl": "pkg:composer/moodle/moodle@4.5.7", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.7" }, { "url": "http://public2.vulnerablecode.io/api/packages/69867?format=api", "purl": "pkg:composer/moodle/moodle@5.0.3", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.3" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/69869?format=api", "purl": "pkg:composer/moodle/moodle@4.2.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h6c-6mgm-akc2" }, { "vulnerability": "VCID-a6w6-penj-kuds" }, { "vulnerability": "VCID-fcf4-tf5h-hfcr" }, { "vulnerability": "VCID-zaff-9ezm-aba1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/69870?format=api", "purl": "pkg:composer/moodle/moodle@4.5.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h6c-6mgm-akc2" }, { "vulnerability": "VCID-4uwn-m5xb-8ufn" }, { "vulnerability": "VCID-7z2w-xpn7-gbhm" }, { "vulnerability": "VCID-a6w6-penj-kuds" }, { "vulnerability": "VCID-aac8-q8g6-ebfw" }, { "vulnerability": "VCID-de7j-3de2-s3ee" }, { "vulnerability": "VCID-eutz-ecg4-b3he" }, { "vulnerability": "VCID-evtb-ua7c-3fed" }, { "vulnerability": "VCID-ewey-azre-s3fh" }, { "vulnerability": "VCID-fcf4-tf5h-hfcr" }, { "vulnerability": "VCID-k45j-wnny-nfa2" }, { "vulnerability": "VCID-qnbd-sejn-pfgp" }, { "vulnerability": "VCID-smgv-8j8r-1ba9" }, { "vulnerability": "VCID-xxtt-z6tn-mqc5" }, { "vulnerability": "VCID-ysax-7hvs-mkct" }, { "vulnerability": "VCID-zaff-9ezm-aba1" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.5.0-beta" }, { "url": "http://public2.vulnerablecode.io/api/packages/69866?format=api", "purl": "pkg:composer/moodle/moodle@5.0.0-beta", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-2h6c-6mgm-akc2" }, { "vulnerability": "VCID-4uwn-m5xb-8ufn" }, { "vulnerability": "VCID-7z2w-xpn7-gbhm" }, { "vulnerability": "VCID-a6w6-penj-kuds" }, { "vulnerability": "VCID-aac8-q8g6-ebfw" }, { "vulnerability": "VCID-cghw-xbkf-juh9" }, { "vulnerability": "VCID-de7j-3de2-s3ee" }, { "vulnerability": "VCID-eutz-ecg4-b3he" }, { "vulnerability": "VCID-evtb-ua7c-3fed" }, { "vulnerability": "VCID-ewey-azre-s3fh" }, { "vulnerability": "VCID-fcf4-tf5h-hfcr" }, { "vulnerability": "VCID-jcxv-jtyh-f7e9" }, { "vulnerability": "VCID-k45j-wnny-nfa2" }, { "vulnerability": "VCID-qnbd-sejn-pfgp" }, { "vulnerability": "VCID-smgv-8j8r-1ba9" }, { "vulnerability": "VCID-xxtt-z6tn-mqc5" }, { "vulnerability": "VCID-ysax-7hvs-mkct" }, { "vulnerability": "VCID-zaff-9ezm-aba1" }, { "vulnerability": "VCID-zd4r-bn1p-27a5" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@5.0.0-beta" } ], "references": [ { "reference_url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404434", "reference_id": "", "reference_type": "", "scores": [], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2404434" }, { "reference_url": "https://github.com/moodle/moodle", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle" }, { "reference_url": "https://github.com/moodle/moodle/commit/78a3fe6c618676dfc53ea538abbfe35e60674eeb", "reference_id": "", "reference_type": "", "scores": [], "url": "https://github.com/moodle/moodle/commit/78a3fe6c618676dfc53ea538abbfe35e60674eeb" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=470390", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=470390" }, { "reference_url": "https://access.redhat.com/security/cve/CVE-2025-62401", "reference_id": "CVE-2025-62401", "reference_type": "", "scores": [], "url": "https://access.redhat.com/security/cve/CVE-2025-62401" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62401", "reference_id": "CVE-2025-62401", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-62401" }, { "reference_url": "https://github.com/advisories/GHSA-w29j-8phw-ffjf", "reference_id": "GHSA-w29j-8phw-ffjf", "reference_type": "", "scores": [], "url": "https://github.com/advisories/GHSA-w29j-8phw-ffjf" } ], "weaknesses": [ { "cwe_id": 285, "name": "Improper Authorization", "description": "The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." }, { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-a6w6-penj-kuds" }