Vulnerability Instance
Lookup for vulnerabilities affecting packages.
GET /api/vulnerabilities/45466?format=api
{ "url": "http://public2.vulnerablecode.io/api/vulnerabilities/45466?format=api", "vulnerability_id": "VCID-d8gp-tuxy-3qdf", "summary": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nA limited SQL injection risk was identified on the Mnet SSO access control page. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.", "aliases": [ { "alias": "CVE-2023-35132" } ], "fixed_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/65684?format=api", "purl": "pkg:composer/moodle/moodle@3.9.22", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.22" }, { "url": "http://public2.vulnerablecode.io/api/packages/65685?format=api", "purl": "pkg:composer/moodle/moodle@3.11.15", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.15" }, { "url": "http://public2.vulnerablecode.io/api/packages/65686?format=api", "purl": "pkg:composer/moodle/moodle@4.0.9", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.9" }, { "url": "http://public2.vulnerablecode.io/api/packages/65687?format=api", "purl": "pkg:composer/moodle/moodle@4.1.4", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.4" }, { "url": "http://public2.vulnerablecode.io/api/packages/65688?format=api", "purl": "pkg:composer/moodle/moodle@4.2.1", "is_vulnerable": false, "affected_by_vulnerabilities": [], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.1" } ], "affected_packages": [ { "url": "http://public2.vulnerablecode.io/api/packages/59618?format=api", "purl": "pkg:composer/moodle/moodle@3.11.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-164m-humk-1fe3" }, { "vulnerability": "VCID-1kfj-2zwf-vbfp" }, { "vulnerability": "VCID-1wzm-dhqv-43bj" }, { "vulnerability": "VCID-233t-s5y8-4yg5" }, { "vulnerability": "VCID-24bp-c9yc-gua4" }, { "vulnerability": "VCID-2trf-n9r4-ykgg" }, { "vulnerability": "VCID-2z6d-qf96-kyb4" }, { "vulnerability": "VCID-33ss-gb34-8ke5" }, { "vulnerability": "VCID-3ept-fdps-5fe5" }, { "vulnerability": "VCID-4c9d-jf9g-u3gn" }, { "vulnerability": "VCID-57wg-wxss-jbaw" }, { "vulnerability": "VCID-5bfe-hk7m-7bh6" }, { "vulnerability": "VCID-5q1e-b4e8-jbc8" }, { "vulnerability": "VCID-5rk8-v6bb-6ugh" }, { "vulnerability": "VCID-7rqc-eepq-43ds" }, { "vulnerability": "VCID-7x6e-qege-ufdv" }, { "vulnerability": "VCID-8d9n-ejbb-7fa1" }, { "vulnerability": "VCID-9uem-p6k3-nqdb" }, { "vulnerability": "VCID-b994-r5mw-3fbg" }, { "vulnerability": "VCID-cbzx-gnhr-pfap" }, { "vulnerability": "VCID-d8gp-tuxy-3qdf" }, { "vulnerability": "VCID-dvrf-62nt-2kdp" }, { "vulnerability": "VCID-gepg-y7ud-cuds" }, { "vulnerability": "VCID-gr4h-n82f-zkg2" }, { "vulnerability": "VCID-hk13-uc46-87h1" }, { "vulnerability": "VCID-hsk6-h5ky-g3cx" }, { "vulnerability": "VCID-jarn-rtuz-wucq" }, { "vulnerability": "VCID-jfsu-ya7r-h3e1" }, { "vulnerability": "VCID-p3ge-1cqt-tufw" }, { "vulnerability": "VCID-qfvz-hf8h-8bb3" }, { "vulnerability": "VCID-s7pu-hgz5-zfbq" }, { "vulnerability": "VCID-taab-hupu-huf9" }, { "vulnerability": "VCID-u32t-89zc-v3gj" }, { "vulnerability": "VCID-utsj-g57g-cbeb" }, { "vulnerability": "VCID-x1pc-1kuc-kug2" }, { "vulnerability": "VCID-yxag-fghx-47ej" }, { "vulnerability": "VCID-zf4q-a4cz-y7dh" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63984?format=api", "purl": "pkg:composer/moodle/moodle@4.0.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wzm-dhqv-43bj" }, { "vulnerability": "VCID-24bp-c9yc-gua4" }, { "vulnerability": "VCID-2trf-n9r4-ykgg" }, { "vulnerability": "VCID-2z6d-qf96-kyb4" }, { "vulnerability": "VCID-33ss-gb34-8ke5" }, { "vulnerability": "VCID-3ept-fdps-5fe5" }, { "vulnerability": "VCID-4c9d-jf9g-u3gn" }, { "vulnerability": "VCID-4svp-grnb-2fh3" }, { "vulnerability": "VCID-5bfe-hk7m-7bh6" }, { "vulnerability": "VCID-5q1e-b4e8-jbc8" }, { "vulnerability": "VCID-5rk8-v6bb-6ugh" }, { "vulnerability": "VCID-7rqc-eepq-43ds" }, { "vulnerability": "VCID-7x6e-qege-ufdv" }, { "vulnerability": "VCID-8d9n-ejbb-7fa1" }, { "vulnerability": "VCID-b994-r5mw-3fbg" }, { "vulnerability": "VCID-cbzx-gnhr-pfap" }, { "vulnerability": "VCID-d8gp-tuxy-3qdf" }, { "vulnerability": "VCID-dvrf-62nt-2kdp" }, { "vulnerability": "VCID-gepg-y7ud-cuds" }, { "vulnerability": "VCID-hsk6-h5ky-g3cx" }, { "vulnerability": "VCID-jarn-rtuz-wucq" }, { "vulnerability": "VCID-jfsu-ya7r-h3e1" }, { "vulnerability": "VCID-ngar-aydn-eye4" }, { "vulnerability": "VCID-s7pu-hgz5-zfbq" }, { "vulnerability": "VCID-sz1m-v8wf-nqgx" }, { "vulnerability": "VCID-utsj-g57g-cbeb" }, { "vulnerability": "VCID-x1pc-1kuc-kug2" }, { "vulnerability": "VCID-yxag-fghx-47ej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.0.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/63985?format=api", "purl": "pkg:composer/moodle/moodle@4.1.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wzm-dhqv-43bj" }, { "vulnerability": "VCID-24bp-c9yc-gua4" }, { "vulnerability": "VCID-2z6d-qf96-kyb4" }, { "vulnerability": "VCID-33ss-gb34-8ke5" }, { "vulnerability": "VCID-3ept-fdps-5fe5" }, { "vulnerability": "VCID-4c9d-jf9g-u3gn" }, { "vulnerability": "VCID-4svp-grnb-2fh3" }, { "vulnerability": "VCID-5bfe-hk7m-7bh6" }, { "vulnerability": "VCID-5q1e-b4e8-jbc8" }, { "vulnerability": "VCID-5rk8-v6bb-6ugh" }, { "vulnerability": "VCID-7rqc-eepq-43ds" }, { "vulnerability": "VCID-7x6e-qege-ufdv" }, { "vulnerability": "VCID-8d9n-ejbb-7fa1" }, { "vulnerability": "VCID-b994-r5mw-3fbg" }, { "vulnerability": "VCID-cbzx-gnhr-pfap" }, { "vulnerability": "VCID-d8gp-tuxy-3qdf" }, { "vulnerability": "VCID-dvrf-62nt-2kdp" }, { "vulnerability": "VCID-gepg-y7ud-cuds" }, { "vulnerability": "VCID-hsk6-h5ky-g3cx" }, { "vulnerability": "VCID-jarn-rtuz-wucq" }, { "vulnerability": "VCID-jfsu-ya7r-h3e1" }, { "vulnerability": "VCID-ngar-aydn-eye4" }, { "vulnerability": "VCID-qan2-5dd9-myhg" }, { "vulnerability": "VCID-s4j2-ppgk-sfh9" }, { "vulnerability": "VCID-s7pu-hgz5-zfbq" }, { "vulnerability": "VCID-sz1m-v8wf-nqgx" }, { "vulnerability": "VCID-utsj-g57g-cbeb" }, { "vulnerability": "VCID-x1pc-1kuc-kug2" }, { "vulnerability": "VCID-yxag-fghx-47ej" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.1.0" }, { "url": "http://public2.vulnerablecode.io/api/packages/65683?format=api", "purl": "pkg:composer/moodle/moodle@4.2.0", "is_vulnerable": true, "affected_by_vulnerabilities": [ { "vulnerability": "VCID-1wzm-dhqv-43bj" }, { "vulnerability": "VCID-24bp-c9yc-gua4" }, { "vulnerability": "VCID-4c9d-jf9g-u3gn" }, { "vulnerability": "VCID-4svp-grnb-2fh3" }, { "vulnerability": "VCID-6726-ca8y-4uez" }, { "vulnerability": "VCID-7rqc-eepq-43ds" }, { "vulnerability": "VCID-7x6e-qege-ufdv" }, { "vulnerability": "VCID-8d9n-ejbb-7fa1" }, { "vulnerability": "VCID-d8gp-tuxy-3qdf" }, { "vulnerability": "VCID-gycn-bey2-4yam" }, { "vulnerability": "VCID-hsk6-h5ky-g3cx" }, { "vulnerability": "VCID-jarn-rtuz-wucq" }, { "vulnerability": "VCID-jfsu-ya7r-h3e1" }, { "vulnerability": "VCID-mhh7-n7ut-hkh6" }, { "vulnerability": "VCID-ngar-aydn-eye4" }, { "vulnerability": "VCID-qabh-bpmn-1ye5" }, { "vulnerability": "VCID-r1ug-e8x6-83gt" }, { "vulnerability": "VCID-s7pu-hgz5-zfbq" }, { "vulnerability": "VCID-team-9wba-yufc" }, { "vulnerability": "VCID-utsj-g57g-cbeb" }, { "vulnerability": "VCID-x1pc-1kuc-kug2" }, { "vulnerability": "VCID-yc6t-am1p-x3ev" } ], "resource_url": "http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@4.2.0" } ], "references": [ { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/" }, { "reference_url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/", "reference_id": "", "reference_type": "", "scores": [], "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/" }, { "reference_url": "https://moodle.org/mod/forum/discuss.php?d=447830", "reference_id": "", "reference_type": "", "scores": [], "url": "https://moodle.org/mod/forum/discuss.php?d=447830" }, { "reference_url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35132", "reference_id": "CVE-2023-35132", "reference_type": "", "scores": [], "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-35132" } ], "weaknesses": [ { "cwe_id": 1035, "name": "OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2017." }, { "cwe_id": 89, "name": "Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')", "description": "The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component." }, { "cwe_id": 937, "name": "OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities", "description": "Weaknesses in this category are related to the A9 category in the OWASP Top Ten 2013." } ], "exploits": [], "severity_range_score": null, "exploitability": null, "weighted_severity": null, "risk_score": null, "resource_url": "http://public2.vulnerablecode.io/vulnerabilities/VCID-d8gp-tuxy-3qdf" }