CVE-2018-1137: Improper Input Validation

May 25, 2018 (updated June 25, 2018)

An issue was discovered in Moodle. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

References

www.securityfocus.com/bid/104307
moodle.org/mod/forum/discuss.php?d=371204
nvd.nist.gov/vuln/detail/CVE-2018-1137

Code Behaviors & Features

Detect and mitigate CVE-2018-1137 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →