Lucene search

GitHub Advisory DatabaseGHSA-487G-3M3V-HJHQ

HistoryFeb 19, 2024 - 6:31 p.m.

Uncontrolled Resource Consumption in moodle

2024-02-1918:31:32

CWE-400

GitHub Advisory Database

github.com

moodle

resource consumption

file picker

unzip

denial of service

risk

software

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Insufficient file size checks resulted in a denial of service risk in the file picker’s unzip functionality.

Affected configurations

Vulners

Node

moodlemoodleRange<4.1.9

moodlemoodleRange<4.2.6

moodlemoodleRange<4.3.3

CPENameOperatorVersion
moodle/moodlelt4.1.9
moodle/moodlelt4.2.6
moodle/moodlelt4.3.3

Name	Operator	Version
moodle/moodle	lt	4.1.9
moodle/moodle	lt	4.2.6
moodle/moodle	lt	4.3.3

References

git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-74641

bugzilla.redhat.com/show_bug.cgi?id=2264074

github.com/advisories/GHSA-487g-3m3v-hjhq

github.com/moodle/moodle/commit/9ba14233597480fb78c04d531050c090de4e60a2

github.com/moodle/moodle/commit/a73e0ac76d77b67602f91bb211962813d60bc573

lists.fedoraproject.org/archives/list/[email protected]/message/KXGBYJ43BUEBUAQZU3DT5I5A3YLF47CB

moodle.org/mod/forum/discuss.php?d=455634

nvd.nist.gov/vuln/detail/CVE-2024-25978

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

6.8 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for GHSA-487G-3M3V-HJHQ