{"url":"http://public2.vulnerablecode.io/api/packages/60265?format=json","purl":"pkg:composer/moodle/moodle@3.11.5","type":"composer","namespace":"moodle","name":"moodle","version":"3.11.5","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.11.6","latest_non_vulnerable_version":"3.11.6","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42179?format=json","vulnerability_id":"VCID-57wg-wxss-jbaw","summary":"Incorrect Authorization\nThe `calendar:manageentries` capability allowed managers to access or modify any calendar event, but should have been restricted from accessing user level events.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043663","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043663"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=431100","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=431100"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0333","reference_id":"CVE-2022-0333","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0333"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60269?format=json","purl":"pkg:composer/moodle/moodle@3.9.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60270?format=json","purl":"pkg:composer/moodle/moodle@3.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95f1-6g3r-rkg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/60265?format=json","purl":"pkg:composer/moodle/moodle@3.11.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5"}],"aliases":["CVE-2022-0333"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-57wg-wxss-jbaw"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42173?format=json","vulnerability_id":"VCID-9uem-p6k3-nqdb","summary":"Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')\nAn SQL injection risk was identified in the h5p activity web service responsible for fetching user attempt data.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043661","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043661"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=431099","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=431099"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0332","reference_id":"CVE-2022-0332","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0332"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60265?format=json","purl":"pkg:composer/moodle/moodle@3.11.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5"}],"aliases":["CVE-2022-0332"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-9uem-p6k3-nqdb"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42176?format=json","vulnerability_id":"VCID-hk13-uc46-87h1","summary":"Exposure of Resource to Wrong Sphere\nInsufficient capability checks could lead to users accessing their grade report for courses where they does not have the required `gradereport/user:view` capability.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043664","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043664"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=431102","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=431102"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0334","reference_id":"CVE-2022-0334","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0334"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60269?format=json","purl":"pkg:composer/moodle/moodle@3.9.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60270?format=json","purl":"pkg:composer/moodle/moodle@3.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95f1-6g3r-rkg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/60265?format=json","purl":"pkg:composer/moodle/moodle@3.11.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5"}],"aliases":["CVE-2022-0334"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-hk13-uc46-87h1"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/42180?format=json","vulnerability_id":"VCID-qfvz-hf8h-8bb3","summary":"Cross-Site Request Forgery (CSRF)\nThe `delete badge alignment` functionality does not include the necessary token check to prevent a CSRF risk.","references":[{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043666","reference_id":"","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2043666"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=431103","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=431103"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0335","reference_id":"CVE-2022-0335","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2022-0335"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/60269?format=json","purl":"pkg:composer/moodle/moodle@3.9.12","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.9.12"},{"url":"http://public2.vulnerablecode.io/api/packages/60270?format=json","purl":"pkg:composer/moodle/moodle@3.10.9","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-95f1-6g3r-rkg4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.10.9"},{"url":"http://public2.vulnerablecode.io/api/packages/60265?format=json","purl":"pkg:composer/moodle/moodle@3.11.5","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5"}],"aliases":["CVE-2022-0335"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-qfvz-hf8h-8bb3"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@3.11.5"}