Django REST framework

Package Instance

Lookup for vulnerable packages by Package URL.

Purlpkg:composer/moodle/moodle@2.9.1
Typecomposer
Namespacemoodle
Namemoodle
Version2.9.1
Qualifiers
Subpath
Is_vulnerablefalse
Next_non_vulnerable_version2.9.2
Latest_non_vulnerable_version5.1.2
Affected_by_vulnerabilities
Fixing_vulnerabilities
0
url VCID-37j1-ym2f-1fbc
vulnerability_id VCID-37j1-ym2f-1fbc
summary 
Moodle open redirect vulnerability
Open redirect vulnerability in the clean_param function in lib/moodlelib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via vectors involving an HTTP Referer header that has a substring match with a local URL.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50688
1
reference_url http://openwall.com/lists/oss-security/2015/07/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2015/07/13/2
2
reference_url https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/5673aae914070fa93b861a39f6bb3eae2f79bbc2
3
reference_url https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/5c1f41f0583e9174ead1530f93dc4b260d8036d5
4
reference_url https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/9580c08e9e4e5e80606d46aea2014f83f863534f
5
reference_url https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/980bd08bdc01586bf8b5d407b049645ea6ff1174
6
reference_url https://moodle.org/mod/forum/discuss.php?d=316662
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=316662
7
reference_url https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
reference_id
reference_type
scores
url https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3272
reference_id CVE-2015-3272
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-3272
9
reference_url https://github.com/advisories/GHSA-2hw2-h3mf-c2j9
reference_id GHSA-2hw2-h3mf-c2j9
reference_type
scores
url https://github.com/advisories/GHSA-2hw2-h3mf-c2j9
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.9
purl pkg:composer/moodle/moodle@2.7.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9
1
url pkg:composer/moodle/moodle@2.8.7
purl pkg:composer/moodle/moodle@2.8.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7
2
url pkg:composer/moodle/moodle@2.9.1
purl pkg:composer/moodle/moodle@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1
aliases CVE-2015-3272, GHSA-2hw2-h3mf-c2j9
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-37j1-ym2f-1fbc
1
url VCID-emu7-jhv2-zqb8
vulnerability_id VCID-emu7-jhv2-zqb8
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Cross-site scripting (XSS) vulnerability in the user_get_user_details function in user/lib.php in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allows remote attackers to inject arbitrary web script or HTML by leveraging absence of an external_format_text call in a web service.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50130
1
reference_url http://openwall.com/lists/oss-security/2015/07/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2015/07/13/2
2
reference_url https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/7b15a363201109354bbd6d51a7c70f50dac7b9d8
3
reference_url https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/a809a8dccea222a31e0828d4f17889035e6d1a36
4
reference_url https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/e96e66aa16dca5cbcdb1aef0f9499edf86f1404b
5
reference_url https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/ffe5c784889b3f7b2ba11cf9db881d54904623b7
6
reference_url https://moodle.org/mod/forum/discuss.php?d=316664
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=316664
7
reference_url https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
reference_id
reference_type
scores
url https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3274
reference_id CVE-2015-3274
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-3274
9
reference_url https://github.com/advisories/GHSA-f7qm-q26p-6rr2
reference_id GHSA-f7qm-q26p-6rr2
reference_type
scores
url https://github.com/advisories/GHSA-f7qm-q26p-6rr2
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.9
purl pkg:composer/moodle/moodle@2.7.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9
1
url pkg:composer/moodle/moodle@2.8.7
purl pkg:composer/moodle/moodle@2.8.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7
2
url pkg:composer/moodle/moodle@2.9.1
purl pkg:composer/moodle/moodle@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1
aliases CVE-2015-3274, GHSA-f7qm-q26p-6rr2
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-emu7-jhv2-zqb8
2
url VCID-v6ha-ekxw-7bfr
vulnerability_id VCID-v6ha-ekxw-7bfr
summary 
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Multiple cross-site scripting (XSS) vulnerabilities in the SCORM module in Moodle through 2.6.11, 2.7.x before 2.7.9, 2.8.x before 2.8.7, and 2.9.x before 2.9.1 allow remote attackers to inject arbitrary web script or HTML via a crafted organization name to (1) mod/scorm/player.php or (2) mod/scorm/prereqs.php.
references
0
reference_url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
reference_id
reference_type
scores
url http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-50614
1
reference_url http://openwall.com/lists/oss-security/2015/07/13/2
reference_id
reference_type
scores
url http://openwall.com/lists/oss-security/2015/07/13/2
2
reference_url https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/46460a23035ad35caa50c2083ce6327f7723002e
3
reference_url https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/476e97f280f5fa146f3ab676dd6f07de481ad9e8
4
reference_url https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/d942f0311c0d4d8200b9d3244cc8847046abc32e
5
reference_url https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55
reference_id
reference_type
scores
url https://github.com/moodle/moodle/commit/f3e7afedb96e2637a30d9bebd5fa98d45eca5f55
6
reference_url https://moodle.org/mod/forum/discuss.php?d=316665
reference_id
reference_type
scores
url https://moodle.org/mod/forum/discuss.php?d=316665
7
reference_url https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
reference_id
reference_type
scores
url https://web.archive.org/web/20150924032214/http://www.securitytracker.com/id/1032877
8
reference_url https://nvd.nist.gov/vuln/detail/CVE-2015-3275
reference_id CVE-2015-3275
reference_type
scores
url https://nvd.nist.gov/vuln/detail/CVE-2015-3275
9
reference_url https://github.com/advisories/GHSA-6922-5v25-p8jg
reference_id GHSA-6922-5v25-p8jg
reference_type
scores
url https://github.com/advisories/GHSA-6922-5v25-p8jg
fixed_packages
0
url pkg:composer/moodle/moodle@2.7.9
purl pkg:composer/moodle/moodle@2.7.9
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.7.9
1
url pkg:composer/moodle/moodle@2.8.7
purl pkg:composer/moodle/moodle@2.8.7
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.8.7
2
url pkg:composer/moodle/moodle@2.9.1
purl pkg:composer/moodle/moodle@2.9.1
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1
aliases CVE-2015-3275, GHSA-6922-5v25-p8jg
risk_score null
exploitability null
weighted_severity null
resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-v6ha-ekxw-7bfr
Risk_scorenull
Resource_urlhttp://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.9.1