CVE-2023-28333

Source
https://cve.org/CVERecord?id=CVE-2023-28333
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28333.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28333
Aliases
Downstream
Published
2023-03-23T00:00:00Z
Modified
2026-07-15T02:08:17.657955476Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Moodle: pix helper potential mustache code injection risk
Details

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).

Database specific
{
    "cwe_ids": [
        "CWE-94"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28333.json",
    "cna_assigner": "fedora",
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "introduced": "4.1.0"
                },
                {
                    "fixed": "4.1.2"
                },
                {
                    "introduced": "4.0.0"
                },
                {
                    "fixed": "4.0.7"
                },
                {
                    "introduced": "3.11.0"
                },
                {
                    "fixed": "3.11.13"
                },
                {
                    "fixed": "3.9.20"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ]
}
References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type
GIT
Repo
https://github.com/moodle/moodle
Events
Database specific
{
    "cpe": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*",
        "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*"
    ],
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.9.20"
        },
        {
            "fixed": "3.11.13"
        },
        {
            "fixed": "4.0.7"
        },
        {
            "introduced": "3.9.0-NA"
        },
        {
            "last_affected": "3.9.0-NA"
        },
        {
            "introduced": "3.11.0-NA"
        },
        {
            "last_affected": "3.11.0-NA"
        },
        {
            "introduced": "4.0.0-NA"
        },
        {
            "last_affected": "4.0.0-NA"
        },
        {
            "introduced": "4.1.0-NA"
        },
        {
            "last_affected": "4.1.0-NA"
        },
        {
            "introduced": "4.1.1"
        },
        {
            "last_affected": "4.1.1"
        }
    ],
    "source": [
        "CPE_RANGE",
        "CPE_STRING"
    ]
}

Affected versions

3.*
3.11.0-NA
3.9.0-NA
4.*
4.0.0-NA
4.1.0-NA
4.1.1
v3.*
v3.10.0
v3.10.0-beta
v3.10.0-rc1
v3.10.0-rc2
v3.11.0
v3.11.0-beta
v3.11.0-rc1
v3.11.0-rc2
v3.11.1
v3.11.10
v3.11.11
v3.11.12
v3.11.2
v3.11.3
v3.11.4
v3.11.5
v3.11.6
v3.11.7
v3.11.8
v3.11.9
v3.9.0
v3.9.1
v3.9.10
v3.9.11
v3.9.12
v3.9.13
v3.9.14
v3.9.15
v3.9.16
v3.9.17
v3.9.18
v3.9.19
v3.9.2
v3.9.3
v3.9.4
v3.9.5
v3.9.6
v3.9.7
v3.9.8
v3.9.9
v4.*
v4.0.0
v4.0.0-beta
v4.0.0-rc1
v4.0.0-rc2
v4.0.0-rc3
v4.0.0-rc4
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.0.5
v4.0.6
v4.1.0
v4.1.0-beta
v4.1.0-rc1
v4.1.0-rc2
v4.1.0-rc3
v4.1.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28333.json"