{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","type":"composer","namespace":"moodle","name":"moodle","version":"3.4.1","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.4.3","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39537?format=json","vulnerability_id":"VCID-fygy-9njn-abgd","summary":"Improper Authentication\nA flaw was found in Moodle. If a user account using OAuth2 authentication method was once confirmed but later suspended, the user could still login to the site.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=367939","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=367939"},{"reference_url":"http://www.securityfocus.com/bid/103725","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103725"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1082","reference_id":"CVE-2018-1082","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1082"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55321?format=json","purl":"pkg:composer/moodle/moodle@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2"}],"aliases":["CVE-2018-1082"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fygy-9njn-abgd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39536?format=json","vulnerability_id":"VCID-m4zv-e3dn-budf","summary":"Improper Access Control\nUnauthenticated users can trigger custom messages to admin via paypal enrol script. Paypal IPN callback script should only send error emails to admin after request origin was verified, otherwise admin email can be spammed.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=367938","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=367938"},{"reference_url":"http://www.securityfocus.com/bid/103728","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/103728"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1081","reference_id":"CVE-2018-1081","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1081"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/55321?format=json","purl":"pkg:composer/moodle/moodle@3.4.2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-b7br-bh2d-rygp"},{"vulnerability":"VCID-ckg1-9vpt-yfdk"},{"vulnerability":"VCID-fegs-ubsk-63hu"},{"vulnerability":"VCID-g8ct-c4ce-zuaf"},{"vulnerability":"VCID-p2gd-7uam-mqf8"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2"}],"aliases":["CVE-2018-1081"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39325?format=json","vulnerability_id":"VCID-duna-st9c-mqbk","summary":"Information Exposure\nIn Moodle, the quiz web services allow students to see quiz results when it is prohibited in the settings.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364383","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364383"},{"reference_url":"http://www.securityfocus.com/bid/102754","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102754"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1044","reference_id":"CVE-2018-1044","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1044"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54885?format=json","purl":"pkg:composer/moodle/moodle@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1044"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-duna-st9c-mqbk"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39328?format=json","vulnerability_id":"VCID-nc2j-pay7-ryab","summary":"Insufficient Access Control\nThe setting for blocked hosts list can be bypassed with multiple A record `hostnames`.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364382","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364382"},{"reference_url":"http://www.securityfocus.com/bid/102769","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102769"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1043","reference_id":"CVE-2018-1043","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1043"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1043"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-nc2j-pay7-ryab"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/39329?format=json","vulnerability_id":"VCID-yghg-775s-vber","summary":"Server-Side Request Forgery (SSRF)\nMoodle has Server Side Request Forgery in the `filepicker`.","references":[{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=364381","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=364381"},{"reference_url":"http://www.securityfocus.com/bid/102752","reference_id":"","reference_type":"","scores":[],"url":"http://www.securityfocus.com/bid/102752"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1042","reference_id":"CVE-2018-1042","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2018-1042"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/54885?format=json","purl":"pkg:composer/moodle/moodle@3.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/54886?format=json","purl":"pkg:composer/moodle/moodle@3.2.7","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/54887?format=json","purl":"pkg:composer/moodle/moodle@3.3.4","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/54896?format=json","purl":"pkg:composer/moodle/moodle@3.4.1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-fygy-9njn-abgd"},{"vulnerability":"VCID-m4zv-e3dn-budf"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}],"aliases":["CVE-2018-1042"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-yghg-775s-vber"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.1"}