Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.8.12
Type composer
Namespace moodle
Name moodle
Version 2.8.12
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 2.9.1
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-65y9-9ur2-pugc
vulnerability_id VCID-65y9-9ur2-pugc
summary
Improper Input Validation
There is incorrect sanitization of attributes in forums.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=345912
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=345912
1
reference_url http://www.securityfocus.com/bid/95649
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/95649
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2017-2576
reference_id CVE-2017-2576
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2017-2576
fixed_packages
0
url pkg:composer/moodle/moodle@3.0.8
purl pkg:composer/moodle/moodle@3.0.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-dhku-uah4-ykh8
3
vulnerability VCID-vtq4-fpr8-hudb
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8
1
url pkg:composer/moodle/moodle@3.1.4
purl pkg:composer/moodle/moodle@3.1.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2dxb-v1af-jbax
1
vulnerability VCID-5rbf-4dz3-2qdz
2
vulnerability VCID-dhku-uah4-ykh8
3
vulnerability VCID-jn5n-6hg9-tyf7
4
vulnerability VCID-vtq4-fpr8-hudb
5
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4
2
url pkg:composer/moodle/moodle@3.2.1
purl pkg:composer/moodle/moodle@3.2.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-2qjr-wjh1-8fh6
1
vulnerability VCID-dhku-uah4-ykh8
2
vulnerability VCID-jn5n-6hg9-tyf7
3
vulnerability VCID-x927-nh46-7fdy
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1
aliases CVE-2017-2576
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc
1
url VCID-fsex-f512-pudv
vulnerability_id VCID-fsex-f512-pudv
summary
Injection Vulnerability
In Moodle, text injection can occur in email headers, potentially leading to outbound spam.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=336698
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336698
1
reference_url http://www.securityfocus.com/bid/92040
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/92040
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5013
reference_id CVE-2016-5013
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5013
fixed_packages
0
url pkg:composer/moodle/moodle@2.9.7
purl pkg:composer/moodle/moodle@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7
1
url pkg:composer/moodle/moodle@3.0.5
purl pkg:composer/moodle/moodle@3.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5
2
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5013
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv
2
url VCID-qtt4-455b-abb6
vulnerability_id VCID-qtt4-455b-abb6
summary
Exposure of Sensitive Information to an Unauthorized Actor
In Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.
references
0
reference_url https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b
1
reference_url https://moodle.org/mod/forum/discuss.php?d=336699
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=336699
2
reference_url https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
reference_id
reference_type
scores
url https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-5014
reference_id CVE-2016-5014
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-5014
4
reference_url https://github.com/advisories/GHSA-c4cq-v4wp-28hg
reference_id GHSA-c4cq-v4wp-28hg
reference_type
scores
url https://github.com/advisories/GHSA-c4cq-v4wp-28hg
fixed_packages
0
url pkg:composer/moodle/moodle@2.9.7
purl pkg:composer/moodle/moodle@2.9.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7
1
url pkg:composer/moodle/moodle@3.0.5
purl pkg:composer/moodle/moodle@3.0.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5
2
url pkg:composer/moodle/moodle@3.1.1
purl pkg:composer/moodle/moodle@3.1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1
aliases CVE-2016-5014, GHSA-c4cq-v4wp-28hg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6
3
url VCID-v54t-5thx-1beu
vulnerability_id VCID-v54t-5thx-1beu
summary
Improper Access Control
In Moodle 2.x and 3.x, the question engine allows access to files that should not be available.
references
0
reference_url https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f
1
reference_url https://moodle.org/mod/forum/discuss.php?d=343275
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=343275
2
reference_url https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441
reference_id
reference_type
scores
url https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-8642
reference_id CVE-2016-8642
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-8642
4
reference_url https://github.com/advisories/GHSA-x32v-7qw8-cpq8
reference_id GHSA-x32v-7qw8-cpq8
reference_type
scores
url https://github.com/advisories/GHSA-x32v-7qw8-cpq8
fixed_packages
0
url pkg:composer/moodle/moodle@2.9.9
purl pkg:composer/moodle/moodle@2.9.9
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.9
1
url pkg:composer/moodle/moodle@3.0.7
purl pkg:composer/moodle/moodle@3.0.7
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7
2
url pkg:composer/moodle/moodle@3.1.3
purl pkg:composer/moodle/moodle@3.1.3
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
1
vulnerability VCID-e2zc-7ujn-wybu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3
aliases CVE-2016-8642, GHSA-x32v-7qw8-cpq8
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu
4
url VCID-vb67-yux5-ayhf
vulnerability_id VCID-vb67-yux5-ayhf
summary
Weak Password Recovery Mechanism for Forgotten Password
In Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=339631
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=339631
1
reference_url http://www.securityfocus.com/bid/93174
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/93174
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-7038
reference_id CVE-2016-7038
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-7038
fixed_packages
0
url pkg:composer/moodle/moodle@2.9.8
purl pkg:composer/moodle/moodle@2.9.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v54t-5thx-1beu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8
1
url pkg:composer/moodle/moodle@3.0.6
purl pkg:composer/moodle/moodle@3.0.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-v54t-5thx-1beu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6
2
url pkg:composer/moodle/moodle@3.1.2
purl pkg:composer/moodle/moodle@3.1.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-k1bh-ymgt-e7cd
1
vulnerability VCID-v54t-5thx-1beu
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2
aliases CVE-2016-7038
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf
Fixing_vulnerabilities
0
url VCID-4kq5-ctsv-eka8
vulnerability_id VCID-4kq5-ctsv-eka8
summary
Improper Access Control
The "restore teacher" feature in Moodle allows remote authenticated users to overwrite the course id number.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369
1
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1335933
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1335933
2
reference_url http://www.securitytracker.com/id/1035902
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035902
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3733
reference_id CVE-2016-3733
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3733
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.14
purl pkg:composer/moodle/moodle@2.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14
1
url pkg:composer/moodle/moodle@2.8.12
purl pkg:composer/moodle/moodle@2.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
1
vulnerability VCID-fsex-f512-pudv
2
vulnerability VCID-qtt4-455b-abb6
3
vulnerability VCID-v54t-5thx-1beu
4
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12
2
url pkg:composer/moodle/moodle@2.9.6
purl pkg:composer/moodle/moodle@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
1
vulnerability VCID-qtt4-455b-abb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6
3
url pkg:composer/moodle/moodle@3.0.4
purl pkg:composer/moodle/moodle@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
1
vulnerability VCID-qtt4-455b-abb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4
aliases CVE-2016-3733
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8
1
url VCID-kgvw-uxf4-wbc1
vulnerability_id VCID-kgvw-uxf4-wbc1
summary
Cross-Site Request Forgery (CSRF)
A cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that mark forum posts as read.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1335933
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1335933
1
reference_url http://www.securityfocus.com/bid/91281
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/91281
2
reference_url http://www.securitytracker.com/id/1035902
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035902
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3734
reference_id CVE-2016-3734
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3734
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.14
purl pkg:composer/moodle/moodle@2.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14
1
url pkg:composer/moodle/moodle@2.8.12
purl pkg:composer/moodle/moodle@2.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
1
vulnerability VCID-fsex-f512-pudv
2
vulnerability VCID-qtt4-455b-abb6
3
vulnerability VCID-v54t-5thx-1beu
4
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12
2
url pkg:composer/moodle/moodle@2.9.6
purl pkg:composer/moodle/moodle@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
1
vulnerability VCID-qtt4-455b-abb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6
3
url pkg:composer/moodle/moodle@3.0.4
purl pkg:composer/moodle/moodle@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
1
vulnerability VCID-qtt4-455b-abb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4
aliases CVE-2016-3734
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1
2
url VCID-s3ue-e5h8-f3dy
vulnerability_id VCID-s3ue-e5h8-f3dy
summary
Improper Access Control
The user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.
references
0
reference_url https://bugzilla.redhat.com/show_bug.cgi?id=1335933
reference_id
reference_type
scores
url https://bugzilla.redhat.com/show_bug.cgi?id=1335933
1
reference_url http://www.securitytracker.com/id/1035902
reference_id
reference_type
scores
url http://www.securitytracker.com/id/1035902
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2016-3729
reference_id CVE-2016-3729
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2016-3729
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.14
purl pkg:composer/moodle/moodle@2.7.14
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14
1
url pkg:composer/moodle/moodle@2.8.12
purl pkg:composer/moodle/moodle@2.8.12
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-65y9-9ur2-pugc
1
vulnerability VCID-fsex-f512-pudv
2
vulnerability VCID-qtt4-455b-abb6
3
vulnerability VCID-v54t-5thx-1beu
4
vulnerability VCID-vb67-yux5-ayhf
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12
2
url pkg:composer/moodle/moodle@2.9.6
purl pkg:composer/moodle/moodle@2.9.6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
1
vulnerability VCID-qtt4-455b-abb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6
3
url pkg:composer/moodle/moodle@3.0.4
purl pkg:composer/moodle/moodle@3.0.4
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-fsex-f512-pudv
1
vulnerability VCID-qtt4-455b-abb6
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4
aliases CVE-2016-3729
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12