Lucene search

GoogleOSV:GHSA-4QXC-QXRP-33CW

HistoryMar 12, 2022 - 12:00 a.m.

Moodle denial-of-service risk in the draft files area

2022-03-1200:00:33

Google

osv.dev

moodle

denial of service

draft files

upload limits

risk

software vulnerability

AI Score

6.6

Confidence

Low

EPSS

0.001

Percentile

38.4%

JSON

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

References

github.com/moodle/moodle

moodle.org/mod/forum/discuss.php?d=422310

nvd.nist.gov/vuln/detail/CVE-2021-32476