CVE-2023-5548

Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability in packagist/moodle/moodle

Identifiers

CVE-2023-5548, GHSA-cwh2-q44x-5w3c

Package Slug

packagist/moodle/moodle

Vulnerability

Moodle Acceptance of Extraneous Untrusted Data With Trusted Data vulnerability

Description

Stronger revision number limitations were required on file serving endpoints to improve cache poisoning protection.

Affected Versions

All versions before 3.9.24, all versions starting from 3.11.0 before 3.11.17, all versions starting from 4.0.0 before 4.0.11, all versions starting from 4.1.0 before 4.1.6, all versions starting from 4.2.0 before 4.2.3

Solution

Upgrade to versions 3.9.24, 3.11.17, 4.0.11, 4.1.6, 4.2.3 or above.

Last Modified

2023-11-10

source