Description
filter/urltolink/filter.php in Moodle through 2.5.9, 2.6.x before 2.6.9, 2.7.x before 2.7.6, and 2.8.x before 2.8.4 allows remote authenticated users to cause a denial of service (CPU consumption or partial outage) via a crafted string that is matched against an improper regular expression.
Remediation
References
Related Vulnerabilities
WordPress Plugin WP Custom Fields Search Cross-Site Scripting (1.2.34)
WordPress Plugin Mass Delete Unused Tags Cross-Site Request Forgery (2.0.0)
WordPress Plugin WP SMS Cross-Site Scripting (5.4.12)
Highcharts JS Incorrect Regular Expression Vulnerability (CVE-2018-20801)
Perl Improper Link Resolution Before File Access ('Link Following') Vulnerability (CVE-2018-12015)