CVE-2021-36395: Moodle vulnerable to Uncontrolled Resource Consumption

March 6, 2023 (updated March 7, 2025)

In Moodle, the file repository’s URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

References

github.com/advisories/GHSA-273w-7fxj-pcp6
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=424801
nvd.nist.gov/vuln/detail/CVE-2021-36395

Code Behaviors & Features

Detect and mitigate CVE-2021-36395 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →