CVE-2017-1000139
Mahara versions 1.8 before 1.8.7, 1.9 before 1.9.5, 1.10 before 1.10.3, and 15.04 before 15.04.0 are vulnerable to server-side request forgery (SSRF) because curl redirects are not consistently checked against a white/black list. Employing SafeCurl will prevent issues.