{"url":"http://public2.vulnerablecode.io/api/packages/53196?format=json","purl":"pkg:composer/moodle/moodle@3.0.6","type":"composer","namespace":"moodle","name":"moodle","version":"3.0.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.9","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43519?format=json","vulnerability_id":"VCID-v54t-5thx-1beu","summary":"Improper Access Control\nIn Moodle 2.x and 3.x, the question engine allows access to files that should not be available.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=343275","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=343275"},{"reference_url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642","reference_id":"CVE-2016-8642","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642"},{"reference_url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8","reference_id":"GHSA-x32v-7qw8-cpq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53207?format=json","purl":"pkg:composer/moodle/moodle@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/52966?format=json","purl":"pkg:composer/moodle/moodle@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-e2zc-7ujn-wybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3"}],"aliases":["CVE-2016-8642","GHSA-x32v-7qw8-cpq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38449?format=json","vulnerability_id":"VCID-vb67-yux5-ayhf","summary":"Weak Password Recovery Mechanism for Forgotten Password\nIn Moodle, web service tokens are not invalidated when the user password is changed or forced to be changed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=339631","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=339631"},{"reference_url":"http://www.securityfocus.com/bid/93174","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/93174"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038","reference_id":"CVE-2016-7038","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-7038"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53194?format=json","purl":"pkg:composer/moodle/moodle@2.7.16","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.16"},{"url":"http://public2.vulnerablecode.io/api/packages/53195?format=json","purl":"pkg:composer/moodle/moodle@2.9.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.8"},{"url":"http://public2.vulnerablecode.io/api/packages/53196?format=json","purl":"pkg:composer/moodle/moodle@3.0.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6"},{"url":"http://public2.vulnerablecode.io/api/packages/52965?format=json","purl":"pkg:composer/moodle/moodle@3.1.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-k1bh-ymgt-e7cd"},{"vulnerability":"VCID-v54t-5thx-1beu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.2"}],"aliases":["CVE-2016-7038"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-vb67-yux5-ayhf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.6"}