BIT-moodle-2023-28333

Import Source

https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2023-28333.json

Aliases

CVE-2023-28333
GHSA-q2x3-2f9g-h559

Published

2024-03-06T11:00:15.007Z

Modified

2024-04-20T07:49:38.167Z

Details

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

References

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/
https://moodle.org/mod/forum/discuss.php?d=445065
https://bugzilla.redhat.com/show_bug.cgi?id=2179422

Affected packages

Bitnami / moodle

Package

Name: moodle

Affected ranges

Type: SEMVER
Events: Introduced

3.9.0

Fixed

3.9.20

Introduced

3.11.0

Fixed

3.11.13

Introduced

4.0.0

Fixed

4.0.7

Type: SEMVER
Events: Introduced

3.9.0

Last affected

3.9.0

Introduced

3.11.0

Last affected

3.11.0

Introduced

4.0.0

Last affected

4.0.0

Introduced

4.1.0

Last affected

4.1.0

Introduced

4.1.1

Last affected

4.1.1