{"url":"http://public2.vulnerablecode.io/api/packages/53207?format=json","purl":"pkg:composer/moodle/moodle@3.0.7","type":"composer","namespace":"moodle","name":"moodle","version":"3.0.7","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.0.9","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/38453?format=json","vulnerability_id":"VCID-65y9-9ur2-pugc","summary":"Improper Input Validation\nThere is incorrect sanitization of attributes in forums.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=345912","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=345912"},{"reference_url":"http://www.securityfocus.com/bid/95649","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/95649"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2576","reference_id":"CVE-2017-2576","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2017-2576"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53209?format=json","purl":"pkg:composer/moodle/moodle@3.0.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dxb-v1af-jbax"},{"vulnerability":"VCID-5rbf-4dz3-2qdz"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-vtq4-fpr8-hudb"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.8"},{"url":"http://public2.vulnerablecode.io/api/packages/53201?format=json","purl":"pkg:composer/moodle/moodle@3.1.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2dxb-v1af-jbax"},{"vulnerability":"VCID-5rbf-4dz3-2qdz"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-jn5n-6hg9-tyf7"},{"vulnerability":"VCID-vtq4-fpr8-hudb"},{"vulnerability":"VCID-x927-nh46-7fdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.4"},{"url":"http://public2.vulnerablecode.io/api/packages/53202?format=json","purl":"pkg:composer/moodle/moodle@3.2.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2qjr-wjh1-8fh6"},{"vulnerability":"VCID-dhku-uah4-ykh8"},{"vulnerability":"VCID-jn5n-6hg9-tyf7"},{"vulnerability":"VCID-x927-nh46-7fdy"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.1"}],"aliases":["CVE-2017-2576"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-65y9-9ur2-pugc"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43519?format=json","vulnerability_id":"VCID-v54t-5thx-1beu","summary":"Improper Access Control\nIn Moodle 2.x and 3.x, the question engine allows access to files that should not be available.","references":[{"reference_url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/cf0b9432d81ba9d5763e4894f82c95ca9fbf548f"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=343275","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=343275"},{"reference_url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210123193602/http://www.securityfocus.com/bid/94441"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642","reference_id":"CVE-2016-8642","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2016-8642"},{"reference_url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8","reference_id":"GHSA-x32v-7qw8-cpq8","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-x32v-7qw8-cpq8"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/53205?format=json","purl":"pkg:composer/moodle/moodle@2.7.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.17"},{"url":"http://public2.vulnerablecode.io/api/packages/53206?format=json","purl":"pkg:composer/moodle/moodle@2.9.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.9"},{"url":"http://public2.vulnerablecode.io/api/packages/53207?format=json","purl":"pkg:composer/moodle/moodle@3.0.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7"},{"url":"http://public2.vulnerablecode.io/api/packages/52966?format=json","purl":"pkg:composer/moodle/moodle@3.1.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-65y9-9ur2-pugc"},{"vulnerability":"VCID-e2zc-7ujn-wybu"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.3"}],"aliases":["CVE-2016-8642","GHSA-x32v-7qw8-cpq8"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-v54t-5thx-1beu"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.0.7"}