{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","type":"composer","namespace":"moodle","name":"moodle","version":"2.9.6","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.9","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38450?format=json","vulnerability_id":"VCID-fsex-f512-pudv","summary":"Injection Vulnerability\nIn Moodle, text injection can occur in email headers, potentially leading to outbound spam.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336698","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336698"},{"reference_url":"http://www.securityfocus.com/bid/92040","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/92040"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013","reference_id":"CVE-2016-5013","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5013"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5013"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fsex-f512-pudv"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43673?format=json","vulnerability_id":"VCID-qtt4-455b-abb6","summary":"Exposure of Sensitive Information to an Unauthorized Actor\nIn Moodle 2.x and 3.x, an unenrolled user still receives event monitor notifications even though they can no longer access the course.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/ea106d2a1dbc633a22f12a119763b2af5f33542b"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=336699","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=336699"},{"reference_url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123154548/http://www.securityfocus.com/bid/92042"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014","reference_id":"CVE-2016-5014","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-5014"},{"reference_url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg","reference_id":"GHSA-c4cq-v4wp-28hg","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-c4cq-v4wp-28hg"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53192?format=json","purl":"pkg:composer/moodle/moodle@2.9.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.7"},{"url":"http://public2.vulnerablecode.io/api/packages/53193?format=json","purl":"pkg:composer/moodle/moodle@3.0.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.5"},{"url":"http://public2.vulnerablecode.io/api/packages/53189?format=json","purl":"pkg:composer/moodle/moodle@3.1.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.1"}],"aliases":["CVE-2016-5014","GHSA-c4cq-v4wp-28hg"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qtt4-455b-abb6"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38559?format=json","vulnerability_id":"VCID-4kq5-ctsv-eka8","summary":"Improper Access Control\nThe \"restore teacher\" feature in Moodle allows remote authenticated users to overwrite the course id number.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-51369"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733","reference_id":"CVE-2016-3733","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3733"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3733"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4kq5-ctsv-eka8"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38558?format=json","vulnerability_id":"VCID-kgvw-uxf4-wbc1","summary":"Cross-Site Request Forgery (CSRF)\nA Cross-site request forgery (CSRF) vulnerability in `markposts.php` in Moodle allows remote attackers to hijack the authentication of users for requests that marks forum posts as read.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securityfocus.com/bid/91281","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/91281"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734","reference_id":"CVE-2016-3734","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3734"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3734"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-kgvw-uxf4-wbc1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38561?format=json","vulnerability_id":"VCID-s3ue-e5h8-f3dy","summary":"Improper Access Control\nThe user editing form in Moodle allows remote authenticated users to edit profile fields locked by the administrator.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1335933"},{"reference_url":"http://www.securitytracker.com/id/1035902","reference_id":"","reference_type":"","scores":[],"url":"http://www.securitytracker.com/id/1035902"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729","reference_id":"CVE-2016-3729","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-3729"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53197?format=json","purl":"pkg:composer/moodle/moodle@2.7.14","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.14"},{"url":"http://public2.vulnerablecode.io/api/packages/53191?format=json","purl":"pkg:composer/moodle/moodle@2.8.12","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"},{"vulnerability":"VCID-v54t-5thx-1beu"},{"vulnerability":"VCID-vb67-yux5-ayhf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.12"},{"url":"http://public2.vulnerablecode.io/api/packages/53198?format=json","purl":"pkg:composer/moodle/moodle@2.9.6","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"},{"url":"http://public2.vulnerablecode.io/api/packages/53199?format=json","purl":"pkg:composer/moodle/moodle@3.0.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fsex-f512-pudv"},{"vulnerability":"VCID-qtt4-455b-abb6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.4"}],"aliases":["CVE-2016-3729"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s3ue-e5h8-f3dy"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.6"}