{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","type":"composer","namespace":"moodle","name":"moodle","version":"2.8.12","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"2.9.1","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38453?format=json","vulnerability_id":"VCID-65y9-9ur2-pugc","summary":"Improper Input Validation\nThere is incorrect sanitization of attributes in forums.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=345912","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=345912"},{"reference_url":"http://www.securityfocus.com/bid/95649","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2576","reference_id":"CVE-2017-2576","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53209?format=json","purl":"pkg:composer/moodle/moodle@3.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dxb-v1af-jbax"},{"vulnerability":"VCID-5rbf-4dz3-2qdz"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-vtq4-fpr8-hudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/53201?format=json","purl":"pkg:composer/moodle/moodle@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dxb-v1af-jbax"},{"vulnerability":"VCID-5rbf-4dz3-2qdz"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-jn5n-6hg9-tyf7"},{"vulnerability":"VCID-vtq4-fpr8-hudb"},{"vulnerability":"VCID-x927-nh46-7fdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53202?format=json","purl":"pkg:composer/moodle/moodle@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qjr-wjh1-8fh6"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-jn5n-6hg9-tyf7"},{"vulnerability":"VCID-x927-nh46-7fdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1"}],"aliases":["CVE-2017-2576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38450?format=json","vulnerability_id":"VCID-fsex-f512-pudv","summary":"Injection Vulnerability\nIn Moodle, text injection can occur in email headers, potentially leading to outbound spam.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336698","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336698"},{"reference_url":"http://www.securityfocus.com/bid/92040","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013","reference_id":"CVE-2016-5013","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43673?format=json","vulnerability_id":"VCID-qtt4-455b-abb6","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nIn Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336699","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336699"},{"reference_url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014","reference_id":"CVE-2016-5014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014"},{"reference_url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg","reference_id":"GHSA-c4cq-v4wp-28hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5014","GHSA-c4cq-v4wp-28hg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43519?format=json","vulnerability_id":"VCID-v54t-5thx-1beu","summary":"Improper Access Control\nIn Moodle 2.x and 3.x, the question engine allows access to files that should not be available.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=343275","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=343275"},{"reference_url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642","reference_id":"CVE-2016-8642","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642"},{"reference_url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8","reference_id":"GHSA-x32v-7qw8-cpq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53206?format=json","purl":"pkg:composer/moodle/moodle@2.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/53207?format=json","purl":"pkg:composer/moodle/moodle@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/52966?format=json","purl":"pkg:composer/moodle/moodle@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-e2zc-7ujn-wybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3"}],"aliases":["CVE-2016-8642","GHSA-x32v-7qw8-cpq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38449?format=json","vulnerability_id":"VCID-vb67-yux5-ayhf","summary":"Weak Password Recovery Mechanism for Forgotten Password\nIn Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=339631","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=339631"},{"reference_url":"http://www.securityfocus.com/bid/93174","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038","reference_id":"CVE-2016-7038","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53195?format=json","purl":"pkg:composer/moodle/moodle@2.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/53196?format=json","purl":"pkg:composer/moodle/moodle@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52965?format=json","purl":"pkg:composer/moodle/moodle@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k1bh-ymgt-e7cd"},{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2"}],"aliases":["CVE-2016-7038"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38559?format=json","vulnerability_id":"VCID-4kq5-ctsv-eka8","summary":"Improper Access Control\nThe \"restore teacher\" feature in Moodle allows remote authenticated users to overwrite the course id number.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733","reference_id":"CVE-2016-3733","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38558?format=json","vulnerability_id":"VCID-kgvw-uxf4-wbc1","summary":"Cross-Site Request Forgery (CSRF)\nA Cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securityfocus.com/bid/91281","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91281"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734","reference_id":"CVE-2016-3734","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38561?format=json","vulnerability_id":"VCID-s3ue-e5h8-f3dy","summary":"Improper Access Control\nThe user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729","reference_id":"CVE-2016-3729","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"}