{"url":"http://public2.vulnerablecode.io/api/packages/54885?format=json","purl":"pkg:composer/moodle/moodle@3.1.10","type":"composer","namespace":"moodle","name":"moodle","version":"3.1.10","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.1.12","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=json","vulnerability_id":"VCID-m4zv-e3dn-budf","summary":"Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=367938","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=367938"},{"reference_url":"http://www.securityfocus.com/bid/103728","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103728"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1081","reference_id":"CVE-2018-1081","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55318?format=json","purl":"pkg:composer/moodle/moodle@3.1.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11"},{"url":"http://public2.vulnerablecode.io/api/packages/55319?format=json","purl":"pkg:composer/moodle/moodle@3.2.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8"},{"url":"http://public2.vulnerablecode.io/api/packages/55320?format=json","purl":"pkg:composer/moodle/moodle@3.3.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5"},{"url":"http://public2.vulnerablecode.io/api/packages/55321?format=json","purl":"pkg:composer/moodle/moodle@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2"}],"aliases":["CVE-2018-1081"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39322?format=json","vulnerability_id":"VCID-ajkr-fxa1-mkhk","summary":"Cross-site Scripting\nMoodle is vulnerable to XSS via a calendar event name.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364384","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364384"},{"reference_url":"http://www.securityfocus.com/bid/102755","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102755"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1045","reference_id":"CVE-2018-1045","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1045"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54885?format=json","purl":"pkg:composer/moodle/moodle@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"}],"aliases":["CVE-2018-1045"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-ajkr-fxa1-mkhk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=json","vulnerability_id":"VCID-duna-st9c-mqbk","summary":"Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364383","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364383"},{"reference_url":"http://www.securityfocus.com/bid/102754","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1044","reference_id":"CVE-2018-1044","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1044"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54885?format=json","purl":"pkg:composer/moodle/moodle@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=json","vulnerability_id":"VCID-yghg-775s-vber","summary":"Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364381","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364381"},{"reference_url":"http://www.securityfocus.com/bid/102752","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1042","reference_id":"CVE-2018-1042","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1042"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54885?format=json","purl":"pkg:composer/moodle/moodle@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10"}