In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.
[
{
"vendor": "n/a",
"product": "Moodle",
"versions": [
{
"version": "3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions",
"status": "affected"
}
]
}
]