{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","type":"composer","namespace":"moodle","name":"moodle","version":"3.1.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.5","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38449?format=json","vulnerability_id":"VCID-vb67-yux5-ayhf","summary":"Weak Password Recovery Mechanism for Forgotten Password\nIn Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=339631","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=339631"},{"reference_url":"http://www.securityfocus.com/bid/93174","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038","reference_id":"CVE-2016-7038","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/52965?format=json","purl":"pkg:composer/moodle/moodle@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k1bh-ymgt-e7cd"},{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2"}],"aliases":["CVE-2016-7038"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38448?format=json","vulnerability_id":"VCID-edf3-ktcc-gydc","summary":"Information Exposure\nIn Moodle, glossary search displays entries without checking user permissions to view them.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336697","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336697"},{"reference_url":"http://www.securityfocus.com/bid/92041","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92041"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5012","reference_id":"CVE-2016-5012","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5012"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5012"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-edf3-ktcc-gydc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38450?format=json","vulnerability_id":"VCID-fsex-f512-pudv","summary":"Injection Vulnerability\nIn Moodle, text injection can occur in email headers, potentially leading to outbound spam.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336698","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336698"},{"reference_url":"http://www.securityfocus.com/bid/92040","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013","reference_id":"CVE-2016-5013","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53190?format=json","purl":"pkg:composer/moodle/moodle@2.7.15","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.15"},{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43673?format=json","vulnerability_id":"VCID-qtt4-455b-abb6","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nIn Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336699","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336699"},{"reference_url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014","reference_id":"CVE-2016-5014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014"},{"reference_url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg","reference_id":"GHSA-c4cq-v4wp-28hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5014","GHSA-c4cq-v4wp-28hg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}