Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.3.3

Type composer

Namespace moodle

Name moodle

Version 3.3.3

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.3.6

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-ajkr-fxa1-mkhk

vulnerability_id VCID-ajkr-fxa1-mkhk

summary

Cross-site Scripting
Moodle is vulnerable to XSS via a calendar event name.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364384
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364384

reference_url	http://www.securityfocus.com/bid/102755
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102755

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1045
reference_id	CVE-2018-1045
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1045

fixed_packages

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

aliases CVE-2018-1045

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk

url VCID-duna-st9c-mqbk

vulnerability_id VCID-duna-st9c-mqbk

summary

Information Exposure
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364383
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364383

reference_url	http://www.securityfocus.com/bid/102754
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102754

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1044
reference_id	CVE-2018-1044
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1044

fixed_packages

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1044

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk

url VCID-nc2j-pay7-ryab

vulnerability_id VCID-nc2j-pay7-ryab

summary

Insufficient Access Control
The setting for blocked hosts list can be bypassed with multiple A record `hostnames`.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364382
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364382

reference_url	http://www.securityfocus.com/bid/102769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102769

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1043
reference_id	CVE-2018-1043
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1043

fixed_packages

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1043

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab

url VCID-yghg-775s-vber

vulnerability_id VCID-yghg-775s-vber

summary

Server-Side Request Forgery (SSRF)
Moodle has Server Side Request Forgery in the `filepicker`.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364381
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364381

reference_url	http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102752

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1042
reference_id	CVE-2018-1042
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1042

fixed_packages

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1042

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber

Fixing_vulnerabilities

url VCID-83kb-4mk9-t7ge

vulnerability_id VCID-83kb-4mk9-t7ge

summary

Information Exposure
Students can find out email addresses of other students in the same course. Using search on the Participants page, students could search email addresses of all participants regardless of email visibility. This allows enumerating and guessing emails of other students.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=361784
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=361784

reference_url	http://www.securityfocus.com/bid/101909
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/101909

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-15110
reference_id	CVE-2017-15110
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-15110

fixed_packages

url pkg:composer/moodle/moodle@3.1.9

purl pkg:composer/moodle/moodle@3.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9

url pkg:composer/moodle/moodle@3.2.6

purl pkg:composer/moodle/moodle@3.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6

url pkg:composer/moodle/moodle@3.3.3

purl pkg:composer/moodle/moodle@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3

aliases CVE-2017-15110

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-83kb-4mk9-t7ge

url VCID-zgzm-wj81-jkah

vulnerability_id VCID-zgzm-wj81-jkah

summary

Cross-site Scripting
Moodle has an XSS in the contact form on the "non-respondents" page in non-anonymous feedback.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=358585
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=358585

reference_url	http://www.securityfocus.com/bid/100867
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/100867

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2017-12156
reference_id	CVE-2017-12156
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2017-12156

fixed_packages

url pkg:composer/moodle/moodle@3.1.9

purl pkg:composer/moodle/moodle@3.1.9

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.9

url pkg:composer/moodle/moodle@3.2.6

purl pkg:composer/moodle/moodle@3.2.6

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.6

url pkg:composer/moodle/moodle@3.3.3

purl pkg:composer/moodle/moodle@3.3.3

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-ajkr-fxa1-mkhk

vulnerability	VCID-duna-st9c-mqbk

vulnerability	VCID-nc2j-pay7-ryab

vulnerability	VCID-yghg-775s-vber

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3

aliases CVE-2017-12156

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zgzm-wj81-jkah

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.3

Package Instance