Lucene search

GitHub Advisory DatabaseGHSA-273W-7FXJ-PCP6

HistoryMar 06, 2023 - 9:30 p.m.

Moodle vulnerable to Uncontrolled Resource Consumption

2023-03-0621:30:18

CWE-400

CWE-674

GitHub Advisory Database

github.com

moodle

file repository

recursion handling

denial of service

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.2%

JSON

In Moodle, the file repository’s URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

Affected configurations

Vulners

Node

moodlemoodleRange<3.9.8

moodlemoodleRange<3.10.5

moodlemoodleRange<3.11.1

CPENameOperatorVersion
moodle/moodlelt3.9.8
moodle/moodlelt3.10.5
moodle/moodlelt3.11.1

Name	Operator	Version
moodle/moodle	lt	3.9.8
moodle/moodle	lt	3.10.5
moodle/moodle	lt	3.11.1

References

github.com/advisories/GHSA-273w-7fxj-pcp6

moodle.org/mod/forum/discuss.php?d=424801

nvd.nist.gov/vuln/detail/CVE-2021-36395

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

0.001 Low

EPSS

Percentile

32.2%

JSON

Related for GHSA-273W-7FXJ-PCP6