VYPR

Bitnami package

canvaslms

pkg:bitnami/canvaslms

Vulnerabilities (2)

  • CVE-2021-36539MedJan 26, 2023
    affected < 2022-10-15.0.0fixed 2022-10-15.0.0

    Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).

  • CVE-2020-5775MedAug 21, 2020
    affected >= 2020-07-29.0.0, <= 2020-07-29.0.0

    Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.