The vulnerability was found in Moodle, occurs due to improper input validation when parsing PostScript code. An omitted execution parameter results in a remote code execution risk for sites running GhostScript versions older than 9.50. Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
[
{
"product": "Moodle",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in moodle 4.0.2, moodle 3.11.8, moodle 3.9.15"
}
]
}
]
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-75044
bugzilla.redhat.com/show_bug.cgi?id=2106273
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6MOKYVRNFNAODP2XSMGJ5CRDUZCZKAR3/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTKUSFPSYFINSQFSOHDQIDVE6FWBEU6V/
moodle.org/mod/forum/discuss.php?d=436456