High severity · OSV Advisory · Published Jun 22, 2023 · Updated Aug 2, 2024

Moodle: SSRF risk due to insufficient check on the cURL blocked hosts

CVE-2023-35133

Description

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
|---|---|---|
| moodle/moodle (Packagist) | >= 4.2.0, < 4.2.1 | 4.2.1 |
| moodle/moodle (Packagist) | >= 4.1.0, < 4.1.4 | 4.1.4 |
| moodle/moodle (Packagist) | >= 4.0.0, < 4.0.9 | 4.0.9 |
| moodle/moodle (Packagist) | >= 3.10.0, < 3.11.15 | 3.11.15 |
| moodle/moodle (Packagist) | < 3.9.22 | 3.9.22 |
