Lookup for vulnerable packages by Package URL.

Purl pkg:composer/moodle/moodle@2.3.7
Type composer
Namespace moodle
Name moodle
Version 2.3.7
Qualifiers
Subpath
Is_vulnerable false
Next_non_vulnerable_version 2.3.8
Latest_non_vulnerable_version 5.1.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-9kbu-4u3w-jufu
vulnerability_id VCID-9kbu-4u3w-jufu
summary
Moodle does not enforce capability requirements for reading blog comments
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not enforce capability requirements for reading blog comments, which allows remote attackers to obtain sensitive information via a crafted request.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37245
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
4
reference_url http://openwall.com/lists/oss-security/2013/05/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/05/21/1
5
reference_url https://github.com/moodle/moodle/commit/28772fb9e7e6be01b765fb721af16901bb47e417
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/28772fb9e7e6be01b765fb721af16901bb47e417
6
reference_url https://github.com/moodle/moodle/commit/5fde58a59335bc3109a9eaac4a15d1e9217541c3
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/5fde58a59335bc3109a9eaac4a15d1e9217541c3
7
reference_url https://github.com/moodle/moodle/commit/8aa12adcf26ff2f0b61cd6f0288f2886c8c55bf7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/8aa12adcf26ff2f0b61cd6f0288f2886c8c55bf7
8
reference_url https://github.com/moodle/moodle/commit/9a909b1a359f72b8d384e18da8e05474604279e1
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/9a909b1a359f72b8d384e18da8e05474604279e1
9
reference_url https://github.com/moodle/moodle/commit/cb538f0e539e833edb7cf6fa3d705e8abc5003fd
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/cb538f0e539e833edb7cf6fa3d705e8abc5003fd
10
reference_url https://github.com/moodle/moodle/commit/f9e27e8323f31186820d25252ec0d4c6cd65dafc
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/f9e27e8323f31186820d25252ec0d4c6cd65dafc
11
reference_url https://moodle.org/mod/forum/discuss.php?d=228934
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=228934
12
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2082
reference_id CVE-2013-2082
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2082
13
reference_url https://github.com/advisories/GHSA-wp3g-pr4h-q6vv
reference_id GHSA-wp3g-pr4h-q6vv
reference_type
scores
url https://github.com/advisories/GHSA-wp3g-pr4h-q6vv
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.10
purl pkg:composer/moodle/moodle@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qgn8-zs2m-vkc4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10
1
url pkg:composer/moodle/moodle@2.3.7
purl pkg:composer/moodle/moodle@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7
2
url pkg:composer/moodle/moodle@2.4.4
purl pkg:composer/moodle/moodle@2.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4
aliases CVE-2013-2082, GHSA-wp3g-pr4h-q6vv
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-9kbu-4u3w-jufu
1
url VCID-b2tv-8q9g-qqfz
vulnerability_id VCID-b2tv-8q9g-qqfz
summary
Improper Input Validation
The MoodleQuickForm class in lib/formslib.php in Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly handle a certain array-element syntax, which allows remote attackers to bypass intended form-data filtering via a crafted request.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-38885
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
4
reference_url http://openwall.com/lists/oss-security/2013/05/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/05/21/1
5
reference_url https://moodle.org/mod/forum/discuss.php?d=228935
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=228935
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2083
reference_id CVE-2013-2083
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2083
7
reference_url https://github.com/advisories/GHSA-m63h-q4x3-6hwj
reference_id GHSA-m63h-q4x3-6hwj
reference_type
scores
url https://github.com/advisories/GHSA-m63h-q4x3-6hwj
fixed_packages
0
url pkg:composer/moodle/moodle@2.1.11
purl pkg:composer/moodle/moodle@2.1.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.11
1
url pkg:composer/moodle/moodle@2.2.10
purl pkg:composer/moodle/moodle@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qgn8-zs2m-vkc4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10
2
url pkg:composer/moodle/moodle@2.3.7
purl pkg:composer/moodle/moodle@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7
3
url pkg:composer/moodle/moodle@2.4.4
purl pkg:composer/moodle/moodle@2.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4
aliases CVE-2013-2083, GHSA-m63h-q4x3-6hwj
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-b2tv-8q9g-qqfz
2
url VCID-bgaz-b5zd-e7aj
vulnerability_id VCID-bgaz-b5zd-e7aj
summary
Moodle does not consider "don't send" attributes during hub registration
Moodle through 2.1.10, 2.2.x before 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not consider "don't send" attributes during hub registration, which allows remote hubs to obtain sensitive site information by reading form data.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37822
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
4
reference_url http://openwall.com/lists/oss-security/2013/05/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/05/21/1
5
reference_url https://github.com/moodle/moodle/commit/1d79b726d762bcc629c1a2a74cfa3eca5a7c5da7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/1d79b726d762bcc629c1a2a74cfa3eca5a7c5da7
6
reference_url https://github.com/moodle/moodle/commit/1fc34e37fdc57b4ec303cb942dc5d5535b953ed7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/1fc34e37fdc57b4ec303cb942dc5d5535b953ed7
7
reference_url https://github.com/moodle/moodle/commit/4d65904bc132548a2ef4c2a40bf5ba2cffb5f68f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/4d65904bc132548a2ef4c2a40bf5ba2cffb5f68f
8
reference_url https://github.com/moodle/moodle/commit/54a3ce69e9ca751fffd0b3e0eb5be4add50de113
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/54a3ce69e9ca751fffd0b3e0eb5be4add50de113
9
reference_url https://github.com/moodle/moodle/commit/60c468bcb3b6f867a70f2f30427b52e0362e93d1
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/60c468bcb3b6f867a70f2f30427b52e0362e93d1
10
reference_url https://github.com/moodle/moodle/commit/667eaec4d2679a8bc1fcd9f0ff17a1be2babccb0
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/667eaec4d2679a8bc1fcd9f0ff17a1be2babccb0
11
reference_url https://github.com/moodle/moodle/commit/669dee58048b18d9034a7b2367b97a50b498b0e0
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/669dee58048b18d9034a7b2367b97a50b498b0e0
12
reference_url https://github.com/moodle/moodle/commit/a811e8ac56e49a174b68ceade81197c80be4b325
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a811e8ac56e49a174b68ceade81197c80be4b325
13
reference_url https://github.com/moodle/moodle/commit/be6281e2cbc2fb40b96a48c07c80883fa80cd1b7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/be6281e2cbc2fb40b96a48c07c80883fa80cd1b7
14
reference_url https://github.com/moodle/moodle/commit/fd469033fa2c860647e48f3d543346503a37faa0
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/fd469033fa2c860647e48f3d543346503a37faa0
15
reference_url https://moodle.org/mod/forum/discuss.php?d=228933
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=228933
16
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2081
reference_id CVE-2013-2081
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2081
17
reference_url https://github.com/advisories/GHSA-x3x8-fjw6-hccx
reference_id GHSA-x3x8-fjw6-hccx
reference_type
scores
url https://github.com/advisories/GHSA-x3x8-fjw6-hccx
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.10
purl pkg:composer/moodle/moodle@2.2.10
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-qgn8-zs2m-vkc4
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.10
1
url pkg:composer/moodle/moodle@2.3.7
purl pkg:composer/moodle/moodle@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7
2
url pkg:composer/moodle/moodle@2.4.4
purl pkg:composer/moodle/moodle@2.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4
aliases CVE-2013-2081, GHSA-x3x8-fjw6-hccx
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-bgaz-b5zd-e7aj
3
url VCID-qgn8-zs2m-vkc4
vulnerability_id VCID-qgn8-zs2m-vkc4
summary
Moodle is vulnerable to Sensitive Information Disclosure
The core_grade component in Moodle through 2.2.10, 2.3.x before 2.3.7, and 2.4.x before 2.4.4 does not properly consider the existence of hidden grades, which allows remote authenticated users to obtain sensitive information by leveraging the student role and reading the Gradebook Overview report.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37475
1
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106965.html
2
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/106988.html
3
reference_url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
reference_id
reference_type
scores
url http://lists.fedoraproject.org/pipermail/package-announce/2013-May/107026.html
4
reference_url http://openwall.com/lists/oss-security/2013/05/21/1
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2013/05/21/1
5
reference_url https://moodle.org/mod/forum/discuss.php?d=228931
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=228931
6
reference_url https://nvd.nist.gov/vuln/detail/CVE-2013-2080
reference_id CVE-2013-2080
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2013-2080
7
reference_url https://github.com/advisories/GHSA-wmmc-qjq2-vvm2
reference_id GHSA-wmmc-qjq2-vvm2
reference_type
scores
url https://github.com/advisories/GHSA-wmmc-qjq2-vvm2
fixed_packages
0
url pkg:composer/moodle/moodle@2.2.11
purl pkg:composer/moodle/moodle@2.2.11
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.11
1
url pkg:composer/moodle/moodle@2.3.7
purl pkg:composer/moodle/moodle@2.3.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7
2
url pkg:composer/moodle/moodle@2.4.4
purl pkg:composer/moodle/moodle@2.4.4
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.4
aliases CVE-2013-2080, GHSA-wmmc-qjq2-vvm2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qgn8-zs2m-vkc4
Risk_score null
Resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.7