CVE-2023-28333

Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input in packagist/moodle/moodle

Identifiers

CVE-2023-28333, GHSA-q2x3-2f9g-h559

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input

Description

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This does not appear to be implemented/exploitable anywhere in the core Moodle LMS).

Affected Versions

All versions from 3.9.0 before 3.9.19, all versions from 3.11.0 before 3.11.13, all versions from 4.0.0 before 4.0.7, all versions from 4.1.2 before 4.1.2

Solution

Upgrade to versions 3.9.20, 3.11.13, 4.0.7, 4.1.2, or above.

Last Modified

2023-03-24

source