CVE-2023-28333 Moodle: pix helper potential mustache code injection risk

2023-03-2300:00:00

CWE-94

fedora

www.cve.org

moodle

mustache

injection

9.7 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

70.7%

JSON

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

CNA Affected

[
  {
    "versions": [
      {
        "status": "affected",
        "version": "4.1.0",
        "lessThan": "4.1.2",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "4.0.0",
        "lessThan": "4.0.7",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "3.11.0",
        "lessThan": "3.11.13",
        "versionType": "semver"
      },
      {
        "status": "affected",
        "version": "0",
        "lessThan": "3.9.20",
        "versionType": "semver"
      }
    ],
    "packageName": "moodle",
    "collectionURL": "https://git.moodle.org",
    "defaultStatus": "unaffected"
  }
]