Description

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

Remediation

References

CVE-2021-32476

Related Vulnerabilities

Apache Denial of service in mod_lua r:parsebody Vulnerability (CVE-2022-29404)

Sqlite Improper Handling of Exceptional Conditions Vulnerability (CVE-2019-19924)

Apache HTTP Server Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') Vulnerability (CVE-2021-41773)

Plone CMS Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-5487)

Moodle Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-6106)

Severity

High

Classification

CVE-2021-32476 CWE-400 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Tags

Missing Update Known Vulnerabilities