CVE-2024-43426: Moodle has arbitrary file read risk through pdfTeX

November 7, 2024 (updated February 11, 2025)

A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.

References

bugzilla.redhat.com/show_bug.cgi?id=2304254
git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-82745
github.com/advisories/GHSA-vjmm-r9gg-425m
github.com/moodle/moodle
moodle.org/mod/forum/discuss.php?d=461194
nvd.nist.gov/vuln/detail/CVE-2024-43426

Code Behaviors & Features

Detect and mitigate CVE-2024-43426 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →