Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@3.2.8
Type composer
Namespace moodle
Name moodle
Version 3.2.8
Qualifiers
Subpath
Is_vulnerable true
Next_non_vulnerable_version 3.2.9
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
0
url VCID-b7br-bh2d-rygp
vulnerability_id VCID-b7br-bh2d-rygp
summary
Improper Input Validation
An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371204
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371204
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
reference_id CVE-2018-1137
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1137
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1137
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b7br-bh2d-rygp
1
url VCID-ckg1-9vpt-yfdk
vulnerability_id VCID-ckg1-9vpt-yfdk
summary
Improper Privilege Management
An issue was discovered in Moodle. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371200
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371200
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
reference_id CVE-2018-1134
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1134
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1134
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ckg1-9vpt-yfdk
2
url VCID-fegs-ubsk-63hu
vulnerability_id VCID-fegs-ubsk-63hu
summary
Information Exposure
An issue was discovered in Moodle. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371201
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371201
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
reference_id CVE-2018-1135
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1135
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1135
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fegs-ubsk-63hu
3
url VCID-g8ct-c4ce-zuaf
vulnerability_id VCID-g8ct-c4ce-zuaf
summary
Cross-site Scripting
An issue was discovered in Moodle. An authenticated user is allowed to add HTML blocks containing scripts to their Dashboard; this is normally not a security issue because a personal dashboard is visible to this user only. Through this security vulnerability, users can move such a block to other pages where they can be viewed by other users.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371202
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371202
1
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
reference_id CVE-2018-1136
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1136
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1136
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-g8ct-c4ce-zuaf
4
url VCID-p2gd-7uam-mqf8
vulnerability_id VCID-p2gd-7uam-mqf8
summary
Injection Vulnerability
An issue was discovered in Moodle. A Teacher creating a Calculated question can intentionally cause remote code execution on the server.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=371199
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=371199
1
reference_url https://www.exploit-db.com/exploits/46551/
reference_id
reference_type
scores
url https://www.exploit-db.com/exploits/46551/
2
reference_url http://www.securityfocus.com/bid/104307
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/104307
3
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
reference_id CVE-2018-1133
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1133
fixed_packages
0
url pkg:composer/moodle/moodle@3.2.9
purl pkg:composer/moodle/moodle@3.2.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.9
1
url pkg:composer/moodle/moodle@3.3.6
purl pkg:composer/moodle/moodle@3.3.6
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.6
2
url pkg:composer/moodle/moodle@3.4.3
purl pkg:composer/moodle/moodle@3.4.3
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.3
aliases CVE-2018-1133
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p2gd-7uam-mqf8
Fixing_vulnerabilities
0
url VCID-m4zv-e3dn-budf
vulnerability_id VCID-m4zv-e3dn-budf
summary
Improper Access Control
Unauthenticated users can trigger custom messages to the admin via the PayPal enrol script. The PayPal IPN callback script should only send error emails to the admin after the request origin has been verified; otherwise the admin's email can be spammed.
references
0
reference_url https://moodle.org/mod/forum/discuss.php?d=367938
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=367938
1
reference_url http://www.securityfocus.com/bid/103728
reference_id
reference_type
scores
url http://www.securityfocus.com/bid/103728
2
reference_url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
reference_id CVE-2018-1081
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2018-1081
fixed_packages
0
url pkg:composer/moodle/moodle@3.1.11
purl pkg:composer/moodle/moodle@3.1.11
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.11
1
url pkg:composer/moodle/moodle@3.2.8
purl pkg:composer/moodle/moodle@3.2.8
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8
2
url pkg:composer/moodle/moodle@3.3.5
purl pkg:composer/moodle/moodle@3.3.5
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.3.5
3
url pkg:composer/moodle/moodle@3.4.2
purl pkg:composer/moodle/moodle@3.4.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-b7br-bh2d-rygp
1
vulnerability VCID-ckg1-9vpt-yfdk
2
vulnerability VCID-fegs-ubsk-63hu
3
vulnerability VCID-g8ct-c4ce-zuaf
4
vulnerability VCID-p2gd-7uam-mqf8
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.2
aliases CVE-2018-1081
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-m4zv-e3dn-budf
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.2.8