Django REST framework

Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.4.1

Type composer

Namespace moodle

Name moodle

Version 3.4.1

Qualifiers

Subpath

Is_vulnerable true

Next_non_vulnerable_version 3.4.3

Latest_non_vulnerable_version 5.1.2

Affected_by_vulnerabilities

url VCID-fygy-9njn-abgd

vulnerability_id VCID-fygy-9njn-abgd

summary

Improper Authentication
A flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=367939
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=367939

reference_url	http://www.securityfocus.com/bid/103725
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103725

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1082
reference_id	CVE-2018-1082
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1082

fixed_packages

url pkg:composer/moodle/moodle@3.4.2

purl pkg:composer/moodle/moodle@3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-p2gd-7uam-mqf8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2

aliases CVE-2018-1082

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fygy-9njn-abgd

url VCID-m4zv-e3dn-budf

vulnerability_id VCID-m4zv-e3dn-budf

summary

Improper Access Control
Unauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=367938
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=367938

reference_url	http://www.securityfocus.com/bid/103728
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/103728

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1081
reference_id	CVE-2018-1081
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1081

fixed_packages

url pkg:composer/moodle/moodle@3.4.2

purl pkg:composer/moodle/moodle@3.4.2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-b7br-bh2d-rygp

vulnerability	VCID-ckg1-9vpt-yfdk

vulnerability	VCID-fegs-ubsk-63hu

vulnerability	VCID-g8ct-c4ce-zuaf

vulnerability	VCID-p2gd-7uam-mqf8

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2

aliases CVE-2018-1081

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf

Fixing_vulnerabilities

url VCID-duna-st9c-mqbk

vulnerability_id VCID-duna-st9c-mqbk

summary

Information Exposure
In Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364383
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364383

reference_url	http://www.securityfocus.com/bid/102754
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102754

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1044
reference_id	CVE-2018-1044
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1044

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1044

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk

url VCID-nc2j-pay7-ryab

vulnerability_id VCID-nc2j-pay7-ryab

summary

Insufficient Access Control
The setting for blocked hosts list can be bypassed with multiple A record `hostnames`.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364382
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364382

reference_url	http://www.securityfocus.com/bid/102769
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102769

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1043
reference_id	CVE-2018-1043
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1043

fixed_packages

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1043

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab

url VCID-yghg-775s-vber

vulnerability_id VCID-yghg-775s-vber

summary

Server-Side Request Forgery (SSRF)
Moodle has Server Side Request Forgery in the `filepicker`.

references

reference_url	https://moodle.org/mod/forum/discuss.php?d=364381
reference_id
reference_type
scores
url	https://moodle.org/mod/forum/discuss.php?d=364381

reference_url	http://www.securityfocus.com/bid/102752
reference_id
reference_type
scores
url	http://www.securityfocus.com/bid/102752

reference_url	https://nvd.nist.gov/vuln/detail/CVE-2018-1042
reference_id	CVE-2018-1042
reference_type
scores
url	https://nvd.nist.gov/vuln/detail/CVE-2018-1042

fixed_packages

url pkg:composer/moodle/moodle@3.1.10

purl pkg:composer/moodle/moodle@3.1.10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10

url pkg:composer/moodle/moodle@3.2.7

purl pkg:composer/moodle/moodle@3.2.7

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7

url pkg:composer/moodle/moodle@3.3.4

purl pkg:composer/moodle/moodle@3.3.4

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4

url pkg:composer/moodle/moodle@3.4.1

purl pkg:composer/moodle/moodle@3.4.1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-fygy-9njn-abgd

vulnerability	VCID-m4zv-e3dn-budf

resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

aliases CVE-2018-1042

risk_score null

exploitability null

weighted_severity null

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber

Risk_score null

Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1

Package Instance