GHSA-xmwv-mqh8-4xgw

Source
https://github.com/advisories/GHSA-xmwv-mqh8-4xgw
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-xmwv-mqh8-4xgw/GHSA-xmwv-mqh8-4xgw.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-xmwv-mqh8-4xgw
Aliases
  • CVE-2014-3542
Published
2022-05-13T01:12:40Z
Modified
2024-12-02T05:41:43.005619Z
Summary
Moodle allows remote attackers to read arbitrary files
Details

mod/lti/service.php in Moodle through 2.3.11, 2.4.x before 2.4.11, 2.5.x before 2.5.7, 2.6.x before 2.6.4, and 2.7.x before 2.7.1 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue.

Database specific
{
    "nvd_published_at": "2014-07-29T11:10:00Z",
    "cwe_ids": [
        "CWE-200"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-01-19T16:05:46Z"
}
References

Affected packages

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Last affected
2.3.11

Affected versions

v2.*

v2.3.4
v2.3.5
v2.3.6
v2.3.7
v2.3.8
v2.3.9
v2.3.10
v2.3.11

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.4.0
Fixed
2.4.11

Affected versions

v2.*

v2.4.0
v2.4.1
v2.4.2
v2.4.3
v2.4.4
v2.4.5
v2.4.6
v2.4.7
v2.4.8
v2.4.9
v2.4.10

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.5.0
Fixed
2.5.7

Affected versions

v2.*

v2.5.0
v2.5.1
v2.5.2
v2.5.3
v2.5.4
v2.5.5
v2.5.6

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.6.0
Fixed
2.6.4

Affected versions

v2.*

v2.6.0
v2.6.1
v2.6.2
v2.6.3

Packagist / moodle/moodle

Package

Name
moodle/moodle
Purl
pkg:composer/moodle/moodle

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.7.0
Fixed
2.7.1

Affected versions

2.*

2.7.0

v2.*

v2.7.0