CVE-2021-20185

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-20185

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20185.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-20185

Aliases

Downstream

UBUNTU-CVE-2021-20185

Published

2021-01-28T20:15:13.133Z

Modified

2026-04-10T04:29:15.295765Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L CVSS Calculator

Summary

[none]

Details

It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.

References

https://moodle.org/mod/forum/discuss.php?d=417168

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type

GIT

Repo

https://github.com/moodle/moodle

Events

Introduced

46574904afd39578fa4146bf1fc5c401ac680aa6

Fixed

bbf242efb086307a0af9367d6caea08649b261d1

Introduced

f968cd44e8ee5d54b1bc56823040ff770dbf18af

Fixed

323c12674aa74d327ded9f5e44458cd5d1aea174

Introduced

500c131eb49771e36f68d151dfa37fef5a9bc2df

Fixed

de301d4237c42ddd0d4ae7395e663b8457943727

Introduced

Last affected

ec58cefefb2722f61f77c9a2b6a12d40a8c078a0

Database specific

{
    "versions": [
        {
            "introduced": "3.5.0"
        },
        {
            "fixed": "3.5.16"
        },
        {
            "introduced": "3.8.0"
        },
        {
            "fixed": "3.8.7"
        },
        {
            "introduced": "3.9.0"
        },
        {
            "fixed": "3.9.4"
        },
        {
            "introduced": "0"
        },
        {
            "last_affected": "3.10.0"
        }
    ]
}

Affected versions

v3.*

v3.10.0

v3.10.0-beta

v3.10.0-rc1

v3.10.0-rc2

v3.5.0

v3.5.1

v3.5.10

v3.5.11

v3.5.12

v3.5.13

v3.5.14

v3.5.15

v3.5.2

v3.5.3

v3.5.4

v3.5.5

v3.5.6

v3.5.7

v3.5.8

v3.5.9

v3.8.0

v3.8.1

v3.8.2

v3.8.3

v3.8.4

v3.8.5

v3.8.6

v3.9.0

v3.9.1

v3.9.2

v3.9.3

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-20185.json"