moodle/moodle is vulnerable to Arbitrary Code Injection. The vulnerability is in the pix function of mustache_pix_helper.php, which renders the component parameter twice, allowing an attacker to inject and execute malicious code in the system.
github.com/advisories/GHSA-q2x3-2f9g-h559
github.com/moodle/moodle/commit/39ab1182d97d8ba1d103db545ff78a521d5fe796
github.com/moodle/moodle/commit/d5ec5403816704034652332a1b4358b6970bba12
github.com/moodle/moodle/commit/e52133c631d2e9b2057fc0f06f6e097f3d19b7db
github.com/moodle/moodle/commit/eb5037adafbc3dbf16ec11ed06da2b9b1462a590
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
moodle.org/mod/forum/discuss.php?d=445065