{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","type":"composer","namespace":"moodle","name":"moodle","version":"3.6.3","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.6.4","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41135?format=json","vulnerability_id":"VCID-deur-8zdf-2kh2","summary":"Improper Input Validation\nThe size of users' private file uploads via email were not correctly checked, so their quota allowance could be exceeded.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10134"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=386524","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=386524"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10134","reference_id":"CVE-2019-10134","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10134"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58258?format=json","purl":"pkg:composer/moodle/moodle@3.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4"}],"aliases":["CVE-2019-10134"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-deur-8zdf-2kh2"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41132?format=json","vulnerability_id":"VCID-qxsq-ku22-r7gx","summary":"URL Redirection to Untrusted Site (Open Redirect)\nThe form to upload cohorts contained a redirect field, which was not restricted to internal URLs.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-10133"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=386523","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=386523"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10133","reference_id":"CVE-2019-10133","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-10133"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/58258?format=json","purl":"pkg:composer/moodle/moodle@3.6.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.4"}],"aliases":["CVE-2019-10133"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qxsq-ku22-r7gx"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40840?format=json","vulnerability_id":"VCID-akv3-zfp8-kkc7","summary":"Permissions, Privileges, and Access Controls\nThere was a link to site home within the the Boost theme's secure layout, meaning students could navigate out of the page.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3851"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=384014#p1547746","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=384014#p1547746"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3851","reference_id":"CVE-2019-3851","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3851"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57656?format=json","purl":"pkg:composer/moodle/moodle@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}],"aliases":["CVE-2019-3851"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-akv3-zfp8-kkc7"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43638?format=json","vulnerability_id":"VCID-eaf7-c68j-audm","summary":"Moodle context freezing\nA vulnerability was found in moodle before version 3.6.3. The get_with_capability_join and get_users_by_capability functions were not taking context freezing into account when checking user capabilities","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3852"},{"reference_url":"https://github.com/moodle/moodle","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle"},{"reference_url":"https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/5ee3cbc624c1c4d39adc08c2121a1738d6b5e700"},{"reference_url":"https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/90c2e5e707c27cd1ef0b992cc5e55e76dcd17204"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=384015#p1547748","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=384015#p1547748"},{"reference_url":"https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20210624085935/http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64410"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3852","reference_id":"CVE-2019-3852","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3852"},{"reference_url":"https://github.com/advisories/GHSA-v2rh-5v88-rgvh","reference_id":"GHSA-v2rh-5v88-rgvh","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-v2rh-5v88-rgvh"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}],"aliases":["CVE-2019-3852","GHSA-v2rh-5v88-rgvh"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-eaf7-c68j-audm"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40841?format=json","vulnerability_id":"VCID-qhv1-wgpm-7fh6","summary":"Improper Authorization\nUsers could assign themselves an escalated role within courses or content accessed via LTI, by modifying the request to the LTI publisher site.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3849"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=384012#p1547744","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=384012#p1547744"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3849","reference_id":"CVE-2019-3849","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3849"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57658?format=json","purl":"pkg:composer/moodle/moodle@3.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57656?format=json","purl":"pkg:composer/moodle/moodle@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}],"aliases":["CVE-2019-3849"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qhv1-wgpm-7fh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40842?format=json","vulnerability_id":"VCID-r6kn-b963-eqge","summary":"URL Redirection to Untrusted Site (Open Redirect)\nLinks within assignment submission comments would open directly (in the same window). Although links themselves may be valid, opening within the same window and without the no-referrer header policy made them more susceptible to exploits.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3850"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=384013#p1547745","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=384013#p1547745"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3850","reference_id":"CVE-2019-3850","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3850"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57662?format=json","purl":"pkg:composer/moodle/moodle@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/57658?format=json","purl":"pkg:composer/moodle/moodle@3.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57656?format=json","purl":"pkg:composer/moodle/moodle@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}],"aliases":["CVE-2019-3850"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-r6kn-b963-eqge"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40847?format=json","vulnerability_id":"VCID-s6uu-335k-yfbc","summary":"Improper Input Validation\nUsers with the \"login as other users\" capability (such as administrators/managers) can access other users' Dashboards, but the JavaScript those other users may have added to their Dashboard was not being escaped when being viewed by the user logging in on their behalf.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3847"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=384010#p1547742","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=384010#p1547742"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3847","reference_id":"CVE-2019-3847","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3847"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57662?format=json","purl":"pkg:composer/moodle/moodle@3.1.17","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.1.17"},{"url":"http://public2.vulnerablecode.io/api/packages/57658?format=json","purl":"pkg:composer/moodle/moodle@3.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57656?format=json","purl":"pkg:composer/moodle/moodle@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}],"aliases":["CVE-2019-3847"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-s6uu-335k-yfbc"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/40843?format=json","vulnerability_id":"VCID-zjrq-np3y-hua5","summary":"Information Exposure\nPermissions were not correctly checked before loading event information into the calendar's edit event modal popup, so logged in non-guest users could view unauthorised calendar events.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-3848"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=384011#p1547743","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=384011#p1547743"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3848","reference_id":"CVE-2019-3848","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-3848"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/57658?format=json","purl":"pkg:composer/moodle/moodle@3.4.8","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.4.8"},{"url":"http://public2.vulnerablecode.io/api/packages/57656?format=json","purl":"pkg:composer/moodle/moodle@3.5.5","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.5.5"},{"url":"http://public2.vulnerablecode.io/api/packages/57657?format=json","purl":"pkg:composer/moodle/moodle@3.6.3","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-deur-8zdf-2kh2"},{"vulnerability":"VCID-qxsq-ku22-r7gx"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}],"aliases":["CVE-2019-3848"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zjrq-np3y-hua5"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.6.3"}