{"url":"http://public2.vulnerablecode.io/api/packages/59620?format=json","purl":"pkg:composer/moodle/moodle@3.9.11","type":"composer","namespace":"moodle","name":"moodle","version":"3.9.11","qualifiers":{},"subpath":"","is_vulnerable":true,"next_non_vulnerable_version":"3.9.12","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42176?format=json","vulnerability_id":"VCID-hk13-uc46-87h1","summary":"Exposure of Resource to Wrong Sphere\nInsufficient capability checks could lead to users accessing their grade report for courses where they do not have the required `gradereport/user:view` capability.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043664","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043664"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=431102","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=431102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0334","reference_id":"CVE-2022-0334","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60269?format=json","purl":"pkg:composer/moodle/moodle@3.9.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60270?format=json","purl":"pkg:composer/moodle/moodle@3.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95f1-6g3r-rkg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/60265?format=json","purl":"pkg:composer/moodle/moodle@3.11.5","is_vulnerable":false,"affected_by_vulnerabilities"
:[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5"}],"aliases":["CVE-2022-0334"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk13-uc46-87h1"}],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41756?format=json","vulnerability_id":"VCID-164m-humk-1fe3","summary":"Exposure of Resource to Wrong Sphere\nInsufficient capability checks made it possible to fetch other users' calendar action events.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021519"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=429100","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=429100"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43560","reference_id":"CVE-2021-43560","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43560"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59625?format=json","purl":"pkg:composer/moodle/moodle@3.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/59620?format=json","purl":"pkg:composer/moodle/moodle@3.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hk13-uc46-87h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/59621?format=json","purl":"pkg:composer/moodle/moodle@3.10.8","is_vulnerable":false,"affected_by_vulnerabiliti
es":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/59622?format=json","purl":"pkg:composer/moodle/moodle@3.11.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4"}],"aliases":["CVE-2021-43560"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-164m-humk-1fe3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41753?format=json","vulnerability_id":"VCID-p3ge-1cqt-tufw","summary":"Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')\nA URL parameter in the filetype site administrator tool requires extra sanitizing to prevent a reflected XSS risk.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021515","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021515"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=429097","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=429097"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43558","reference_id":"CVE-2021-43558","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43558"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59625?format=json","purl":"pkg:composer/moodle/moodle@3.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/59620?format=json","purl":"pkg:composer/moodle/moodle@3.9.11","is_vulnerable":true,"affected_by_vulner
abilities":[{"vulnerability":"VCID-hk13-uc46-87h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/59621?format=json","purl":"pkg:composer/moodle/moodle@3.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/59622?format=json","purl":"pkg:composer/moodle/moodle@3.11.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4"}],"aliases":["CVE-2021-43558"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-p3ge-1cqt-tufw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/41752?format=json","vulnerability_id":"VCID-u32t-89zc-v3gj","summary":"Cross-Site Request Forgery (CSRF)\nThe `delete related badge` functionality does not include the necessary token check to prevent a CSRF 
risk.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021517","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021517"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=429099","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=429099"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43559","reference_id":"CVE-2021-43559","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-43559"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59625?format=json","purl":"pkg:composer/moodle/moodle@3.8.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-57wg-wxss-jbaw"},{"vulnerability":"VCID-hk13-uc46-87h1"},{"vulnerability":"VCID-qfvz-hf8h-8bb3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.8.9"},{"url":"http://public2.vulnerablecode.io/api/packages/59620?format=json","purl":"pkg:composer/moodle/moodle@3.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hk13-uc46-87h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/59621?format=json","purl":"pkg:composer/moodle/moodle@3.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/59622?format=json","purl":"pkg:composer/moodle/moodle@3.11.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4"}],"aliases":["CVE-2021-43559"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-u32t-89zc-v3gj"},{"url":"http://p
ublic2.vulnerablecode.io/api/vulnerabilities/41750?format=json","vulnerability_id":"VCID-zf4q-a4cz-y7dh","summary":"Improper Input Validation\nA flaw was found in Moodle, including unsupported versions (the affected version ranges are missing from this summary; see fixed_packages). A remote code execution risk when restoring backup files was identified.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021963","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2021963"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=429095","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=429095"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3943","reference_id":"CVE-2021-3943","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-3943"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/59620?format=json","purl":"pkg:composer/moodle/moodle@3.9.11","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hk13-uc46-87h1"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11"},{"url":"http://public2.vulnerablecode.io/api/packages/59621?format=json","purl":"pkg:composer/moodle/moodle@3.10.8","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.8"},{"url":"http://public2.vulnerablecode.io/api/packages/59622?format=json","purl":"pkg:composer/moodle/moodle@3.11.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.4"}],"aliases":["CVE-2021-3943"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-zf4q-a4cz-y7dh"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.11"}