CVE-2023-35133

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-35133

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-35133.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-35133

Aliases

Related

UBUNTU-CVE-2023-35133

Withdrawn

2024-09-03T04:41:26.585806Z

Published

2023-06-22T21:15:09Z

Modified

2024-09-03T04:33:18.625834Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

8b359ad7a63cf219110bca80552fe3d4ea2a635d

Fixed

19c271d45ee1ab62df60295df54020a09b493b41

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.0.5

v4.0.6

v4.0.7

v4.0.8