GHSA-vxqh-mx28-7ghw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-vxqh-mx28-7ghw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-vxqh-mx28-7ghw/GHSA-vxqh-mx28-7ghw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-vxqh-mx28-7ghw
- Aliases
- Published
- 2022-05-14T03:16:23Z
- Modified
- 2024-04-23T23:58:48.734667Z
- Severity
-
- 8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
- Summary
- Moodle Portfolio script allows instantiation of class chosen by user
- Details
-
An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.
- Database specific
{ "nvd_published_at": "2018-05-25T12:29:00Z", "cwe_ids": [ "CWE-20" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2024-04-23T23:42:01Z" }- References
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle