{"url":"http://public2.vulnerablecode.io/api/packages/62480?format=json","purl":"pkg:composer/moodle/moodle@2.3.4","type":"composer","namespace":"moodle","name":"moodle","version":"2.3.4","qualifiers":{},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"2.3.5","latest_non_vulnerable_version":"5.1.2","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43610?format=json","vulnerability_id":"VCID-1uce-2wtr-8bfg","summary":"Improper Input Validation\nThe moodle1 backup converter in backup/converter/moodle1/lib.php in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 does not properly validate pathnames, which allows remote authenticated users to read arbitrary files by leveraging the backup-restoration feature.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-36977"},{"reference_url":"http://openwall.com/lists/oss-security/2013/01/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2013/01/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/0ab681d3e7bed2a37430387f9da8504c0b077d10"},{"reference_url":"https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/7b66137f7bcc84fb5eb07f58fb658b21bf37cc44"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=220160","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=220160"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6099","reference_id":"CVE-2012-6099","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6099"},{"reference_url":"https://github.com/advisories/GHSA-cr78-rphw-w73p","reference_id":"GHSA-cr78-rphw-w73p","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-cr78-rphw-w73p"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62387?format=json","purl":"pkg:composer/moodle/moodle@2.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vsp-tbwq-1qhf"},{"vulnerability":"VCID-b2tv-8q9g-qqfz"},{"vulnerability":"VCID-vgxb-fkuj-9fgk"},{"vulnerability":"VCID-y15n-cf9z-dyc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/62479?format=json","purl":"pkg:composer/moodle/moodle@2.2.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62480?format=json","purl":"pkg:composer/moodle/moodle@2.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62481?format=json","purl":"pkg:composer/moodle/moodle@2.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1"}],"aliases":["CVE-2012-6099","GHSA-cr78-rphw-w73p"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-1uce-2wtr-8bfg"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/43533?format=json","vulnerability_id":"VCID-mh2f-ytz5-9fhg","summary":"PHP Spellchecker addon for TinyMCE allows attackers to trigger arbitrary outbound HTTP requests\nclasses/GoogleSpell.php in the PHP Spellchecker (aka Google Spellchecker) addon before 2.0.6.1 for TinyMCE, as used in Moodle 2.1.x before 2.1.10, 2.2.x before 2.2.7, 2.3.x before 2.3.4, and 2.4.x before 2.4.1 and other products, does not properly handle control characters, which allows remote attackers to trigger arbitrary outbound HTTP requests via a crafted string.","references":[{"reference_url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283","reference_id":"","reference_type":"","scores":[],"url":"http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-37283"},{"reference_url":"http://openwall.com/lists/oss-security/2013/01/21/1","reference_id":"","reference_type":"","scores":[],"url":"http://openwall.com/lists/oss-security/2013/01/21/1"},{"reference_url":"https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/6fac8f7f04c9fe7f8bbb54a9c00ec5f9ea4f09e0"},{"reference_url":"https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/9803d8fc3ce08c8f8b88ad3a95d9a7c97678a3e3"},{"reference_url":"https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/a3243760c243ddad76e91840134009c3681cb16a"},{"reference_url":"https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/moodle/moodle/commit/f938b1a89b8f381129120a37915d1b345333b3fb"},{"reference_url":"https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974","reference_id":"","reference_type":"","scores":[],"url":"https://github.com/tinymce/tinymce_spellchecker_php/commit/22910187bfb9edae90c26e10100d8145b505b974"},{"reference_url":"https://moodle.org/mod/forum/discuss.php?d=220157","reference_id":"","reference_type":"","scores":[],"url":"https://moodle.org/mod/forum/discuss.php?d=220157"},{"reference_url":"https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20121015010345/http://www.tinymce.com/develop/changelog/?type=phpspell"},{"reference_url":"https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036","reference_id":"","reference_type":"","scores":[],"url":"https://web.archive.org/web/20121129021911/http://www.tinymce.com/forum/viewtopic.php?id=30036"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6112","reference_id":"CVE-2012-6112","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/detail/CVE-2012-6112"},{"reference_url":"https://github.com/advisories/GHSA-fx5h-3786-h2w6","reference_id":"GHSA-fx5h-3786-h2w6","reference_type":"","scores":[],"url":"https://github.com/advisories/GHSA-fx5h-3786-h2w6"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/62387?format=json","purl":"pkg:composer/moodle/moodle@2.1.10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2vsp-tbwq-1qhf"},{"vulnerability":"VCID-b2tv-8q9g-qqfz"},{"vulnerability":"VCID-vgxb-fkuj-9fgk"},{"vulnerability":"VCID-y15n-cf9z-dyc4"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.1.10"},{"url":"http://public2.vulnerablecode.io/api/packages/62479?format=json","purl":"pkg:composer/moodle/moodle@2.2.7","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.2.7"},{"url":"http://public2.vulnerablecode.io/api/packages/62480?format=json","purl":"pkg:composer/moodle/moodle@2.3.4","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4"},{"url":"http://public2.vulnerablecode.io/api/packages/62481?format=json","purl":"pkg:composer/moodle/moodle@2.4.1","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.4.1"}],"aliases":["CVE-2012-6112","GHSA-fx5h-3786-h2w6"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mh2f-ytz5-9fhg"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/moodle/moodle@2.3.4"}