BIT-moodle-2020-25630

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/moodle/BIT-moodle-2020-25630.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-moodle-2020-25630
Aliases
Published
2024-03-06T11:11:51.900Z
Modified
2024-04-23T22:58:40.227033Z
Summary
[none]
Details

A vulnerability was found in Moodle where the decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk. This affects versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions. Fixed in 3.9.2, 3.8.5, 3.7.8 and 3.5.14.

Database specific
{
    "cpes": [
        "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}
References

Affected packages

Bitnami / moodle

Package

Name
moodle
Purl
pkg:bitnami/moodle

Severity

  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
3.5.0
Fixed
3.5.14
Introduced
3.7.0
Fixed
3.7.8
Introduced
3.8.0
Fixed
3.8.5
Introduced
3.9.0
Fixed
3.9.2