{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","type":"composer","namespace":"moodle","name":"moodle","version":"2.7.13","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.7.19","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38559?format=json","vulnerability_id":"VCID-4kq5-ctsv-eka8","summary":"Improper Access Control\nThe \"restore teacher\" feature in Moodle allows remote authenticated users to overwrite the course id number.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733","reference_id":"CVE-2016-3733","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43702?format=json","vulnerability_id":"VCID-8cc1-hbzm-87bx","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nThe capability check to access other badges in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13, and earlier allows remote authenticated users to read the badges of other users.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210413170947/http://www.securitytracker.com/id/1035902"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/05/17/4","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/05/17/4"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3732","reference_id":"CVE-2016-3732","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3732"},{"reference_url":"https://github.com/advisories/GHSA-5282-96ff-xx3h","reference_id":"GHSA-5282-96ff-xx3h","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-5282-96ff-xx3h"}],"fixed_packages":[],"aliases":["CVE-2016-3732","GHSA-5282-96ff-xx3h"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-8cc1-hbzm-87bx"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38558?format=json","vulnerability_id":"VCID-kgvw-uxf4-wbc1","summary":"Cross-Site Request Forgery (CSRF)\nA Cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securityfocus.com/bid/91281","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91281"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734","reference_id":"CVE-2016-3734","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38561?format=json","vulnerability_id":"VCID-s3ue-e5h8-f3dy","summary":"Improper Access Control\nThe user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729","reference_id":"CVE-2016-3729","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38122?format=json","vulnerability_id":"VCID-37pj-u3gh-n7fd","summary":"Insertion of Sensitive Information into Log File\nMoodle does not properly restrict links, which allows remote attackers to obtain sensitive URL information by reading a Referer log.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330181","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330181"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2190","reference_id":"CVE-2016-2190","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2190"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2190"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-37pj-u3gh-n7fd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43667?format=json","vulnerability_id":"VCID-5hx1-9xbg-g3fn","summary":"Exposure of Sensitive Information to an Unauthorized Actor\ncalendar/externallib.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 provides calendar-event data without considering whether an activity is hidden, which allows remote authenticated users to obtain sensitive information via a web-service request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52808"},{"reference_url":"https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/39b851376337b853c8d403dcba64645d16f0a9bd"},{"reference_url":"https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/783e695e00689d67925d6f83722d344c0bd6de94"},{"reference_url":"https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/854e7b8ed0a84eb91ca455ca290427d22bc20baf"},{"reference_url":"https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/c631b112d6e729c84f5d559371a399fe54502ba3"},{"reference_url":"https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/d63ac148b95e5f909618e75efd76f6b5032da158"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330178","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330178"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2156","reference_id":"CVE-2016-2156","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2156"},{"reference_url":"https://github.com/advisories/GHSA-h8vc-v44p-5r2q","reference_id":"GHSA-h8vc-v44p-5r2q","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-h8vc-v44p-5r2q"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2156","GHSA-h8vc-v44p-5r2q"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5hx1-9xbg-g3fn"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38123?format=json","vulnerability_id":"VCID-an53-nu91-k3d7","summary":"Cross-site Scripting\nMultiple cross-site scripting (XSS) vulnerabilities in `auth/db/auth.php` in Moodle allow remote attackers to inject arbitrary web script or HTML via an external DB profile field.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330174","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2152","reference_id":"CVE-2016-2152","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2152"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2152"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-an53-nu91-k3d7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38125?format=json","vulnerability_id":"VCID-eaqp-7abt-6kg9","summary":"Improper Access Control\nThe `save_submission` function in `mod/assign/externallib.php` in Moodle allows remote authenticated users to bypass intended due-date restrictions by leveraging the student role for a web-service request.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330182","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330182"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2159","reference_id":"CVE-2016-2159","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2159"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2159"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaqp-7abt-6kg9"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38124?format=json","vulnerability_id":"VCID-k6pw-51st-b3d2","summary":"Cross-site Scripting\nCross-site scripting (XSS) vulnerability in the `advanced-search` feature in `mod_data` in Moodle allows remote attackers to inject arbitrary web script or HTML via a crafted field in a URL.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330175","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330175"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2153","reference_id":"CVE-2016-2153","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2153"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2153"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-k6pw-51st-b3d2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43716?format=json","vulnerability_id":"VCID-ryws-mr9v-7yfp","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nlib/ajax/getnavbranch.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3, when the forcelogin feature is enabled, allows remote attackers to obtain sensitive category-detail information from the navigation branch by leveraging the guest role for an Ajax request.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52774"},{"reference_url":"https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0766509ab02353008af62f953f7ebc0f6210411a"},{"reference_url":"https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/3c069c16db62d0e0a64137578e92c22d604dd261"},{"reference_url":"https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7b9fbb1cf4228b39f81454cdb8370e7853fbe184"},{"reference_url":"https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/dc8421575f35585a7a4fc1c9710dafd1d0483d4e"},{"reference_url":"https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea8987644fdbbee291337263598b0c3c7bf27c36"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330180","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330180"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2158","reference_id":"CVE-2016-2158","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2158"},{"reference_url":"https://github.com/advisories/GHSA-m882-j7gq-v9p7","reference_id":"GHSA-m882-j7gq-v9p7","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-m882-j7gq-v9p7"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2158","GHSA-m882-j7gq-v9p7"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ryws-mr9v-7yfp"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43712?format=json","vulnerability_id":"VCID-sa6m-ecv7-x3ew","summary":"Cross-Site Request Forgery (CSRF)\nCross-site request forgery (CSRF) vulnerability in mod/assign/adminmanageplugins.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 allows remote attackers to hijack the authentication of administrators for requests that manage Assignment plugins.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-53031"},{"reference_url":"https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/01b19e761f94a4f3615d5c8f6314309aa83469f3"},{"reference_url":"https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/1452f1e1d37d816648e3e015296de59509847287"},{"reference_url":"https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/55ba3a26d2710ce3c5f13287b0c3538b9a934fa4"},{"reference_url":"https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/85984545a937b0790c355473d7295eb60b0265eb"},{"reference_url":"https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a0cd21cd5cc63961243518a58e9d5d01182dbbb4"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330179","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330179"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2157","reference_id":"CVE-2016-2157","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2157"},{"reference_url":"https://github.com/advisories/GHSA-f5pm-c4cw-563p","reference_id":"GHSA-f5pm-c4cw-563p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-f5pm-c4cw-563p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2157","GHSA-f5pm-c4cw-563p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-sa6m-ecv7-x3ew"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43349?format=json","vulnerability_id":"VCID-ujja-hfkh-wkez","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nuser/index.php in Moodle through 2.6.11, 2.7.x before 2.7.13, 2.8.x before 2.8.11, 2.9.x before 2.9.5, and 3.0.x before 3.0.3 grants excessive authorization on the basis of the moodle/course:viewhiddenuserfields capability, which allows remote authenticated users to discover student e-mail addresses by leveraging the teacher role and reading a Participants list.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-52433"},{"reference_url":"https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/089ab60017cd3207990658fbd37f7f31948539fa"},{"reference_url":"https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/094fddd00f2e8e832e21e80f417c7b88b33a1f27"},{"reference_url":"https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/85380c6b616e82e31115fbb585d37f0e15f8b0b2"},{"reference_url":"https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/8e24a54e526c149469bd77c910876c4489e87841"},{"reference_url":"https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a0034bb01773e36dffed2a665646f9cc31d68d5b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=330173","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=330173"},{"reference_url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20160424224349/http://www.securitytracker.com/id/1035333"},{"reference_url":"http://www.openwall.com/lists/oss-security/2016/03/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://www.openwall.com/lists/oss-security/2016/03/21/1"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2151","reference_id":"CVE-2016-2151","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-2151"},{"reference_url":"https://github.com/advisories/GHSA-r3fc-hx6q-g6cq","reference_id":"GHSA-r3fc-hx6q-g6cq","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-r3fc-hx6q-g6cq"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52702?format=json","purl":"pkg:composer/moodle/moodle@2.7.13","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"},{"url":"http://public2.vulnerablecode.io/api/packages/52703?format=json","purl":"pkg:composer/moodle/moodle@2.8.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.11"},{"url":"http://public2.vulnerablecode.io/api/packages/52704?format=json","purl":"pkg:composer/moodle/moodle@2.9.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.5"},{"url":"http://public2.vulnerablecode.io/api/packages/52705?format=json","purl":"pkg:composer/moodle/moodle@3.0.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4kq5-ctsv-eka8"},{"vulnerability":"VCID-8cc1-hbzm-87bx"},{"vulnerability":"VCID-kgvw-uxf4-wbc1"},{"vulnerability":"VCID-s3ue-e5h8-f3dy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.3"}],"aliases":["CVE-2016-2151","GHSA-r3fc-hx6q-g6cq"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ujja-hfkh-wkez"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.13"}