CVE-2023-35133
- Source
- https://cve.org/CVERecord?id=CVE-2023-35133
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-35133.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2023-35133
- Aliases
- Downstream
- Published
- 2023-06-22T21:15:09.520Z
- Modified
- 2026-02-11T14:46:06.884795Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7A72KX4WU6GK2CX4TKYFGFASPKOEOJFC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/I5QAEAGJ44NVXLAJFJXKARKC45OGEDXT/
- https://moodle.org/mod/forum/discuss.php?d=447831
- https://bugzilla.redhat.com/show_bug.cgi?id=2214373
- https://moodle.org/mod/forum/discuss.php?d=447831
Affected packages
Git / github.com/moodle/moodle
Affected ranges
- Type
- GIT
- Repo
- https://github.com/moodle/moodle
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroducedFixedIntroducedFixedIntroducedFixed