CVE-2018-1137

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2018-1137

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1137.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2018-1137

Aliases

GHSA-vxqh-mx28-7ghw

Related

UBUNTU-CVE-2018-1137

Published

2018-05-25T12:29:00Z

Modified

2024-10-12T03:08:05.327680Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in Moodle 3.x. By substituting URLs in portfolios, users can instantiate any class. This can also be exploited by users who are logged in as guests to create a DDoS attack.

References

Affected packages

Git / github.com/moodle/moodle

Affected ranges

Type: GIT
Repo: https://github.com/moodle/moodle
Events: Introduced

b182239f21c38ea57cddb41b0c03ef3eb02709f8

Last affected

2a591e36a9783c364d1c55d8988b5630d073bc93

Introduced

665c3ac59c35b7387a4fc70b8ac6600ce9ffeb87

Last affected

c485e424475b41d3ae55cc3c742fed9cd19a1e75

Introduced

b87a580aa3eb23d5f05d7f619fc40a89e0f86fe5

Last affected

e786a591d538204fad37f188018f8c82f69a28f2

Affected versions

v3.*

v3.2.0

v3.2.1

v3.2.2

v3.2.3

v3.2.4

v3.2.5

v3.2.6

v3.2.7

v3.2.8

v3.3.0

v3.3.0-beta

v3.3.0-rc1

v3.3.0-rc2

v3.3.0-rc3

v3.3.1

v3.3.2

v3.3.3

v3.3.4

v3.3.5

v3.4.0

v3.4.0-beta

v3.4.0-rc1

v3.4.0-rc2

v3.4.0-rc3

v3.4.1

v3.4.2