GHSA-wxvp-8q8h-r6rr
Suggest an improvement- Source
- https://github.com/advisories/GHSA-wxvp-8q8h-r6rr
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-wxvp-8q8h-r6rr/GHSA-wxvp-8q8h-r6rr.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-wxvp-8q8h-r6rr
- Aliases
-
- CVE-2011-4293
- Published
- 2022-05-13T01:13:14Z
- Modified
- 2024-01-17T16:26:38.212923Z
- Summary
- Moodle Double-Caches Content, Potentially Writing to a File System's Tmp Directory
- Details
-
The theme implementation in Moodle 2.0.x before 2.0.4 and 2.1.x before 2.1.1 triggers duplicate caching of Cascading Style Sheets (CSS) and JavaScript content, which allows remote attackers to bypass intended access restrictions and write to an operating-system temporary directory via unspecified vectors.
- Database specific
{ "nvd_published_at": "2012-07-16T10:28:00Z", "cwe_ids": [ "CWE-379" ], "severity": "MODERATE", "github_reviewed": true, "github_reviewed_at": "2024-01-17T15:47:30Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2011-4293
- https://github.com/moodle/moodle/commit/05f4555422278190ec24a88466ac43c914a7e5d6
- https://github.com/moodle/moodle/commit/9a380fbb53429713b3c422a3146456dc97205329
- https://github.com/moodle/moodle/commit/e1c2a211f259821910be2cba23679d4176fb00a3
- https://github.com/moodle/moodle
- http://git.moodle.org/gw?p=moodle.git;a=commit;h=e1c2a211f259821910be2cba23679d4176fb00a3
- http://moodle.org/mod/forum/discuss.php?d=182736
- http://openwall.com/lists/oss-security/2011/11/14/1
Affected packages
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle
Packagist / moodle/moodle
Package
- Name
- moodle/moodle
- Purl
- pkg:composer/moodle/moodle