Base Score

HIGH7.5

CVE-2021-36395

In Moodle, the file repository's URL parsing required additional recursion handling to mitigate the risk of recursion denial of service.

VectorNETWORK

Published Bypatrick@puiterwijk.org

Published DateMar 06, 2023, 21:15

Affected Versions(3)

moodle/moodle(Packagist)

Introduced3.11.0-beta

Fixed3.11.1

LimitN/A

moodle/moodle(Packagist)

Introduced3.10.0-beta

Fixed3.10.5

LimitN/A

moodle/moodle(Packagist)

Introduced0

Fixed3.9.8

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
moodle/moodle(Packagist)	3.11.0-beta	3.11.1	N/A
moodle/moodle(Packagist)	3.10.0-beta	3.10.5	N/A
moodle/moodle(Packagist)	0	3.9.8	N/A

Weakness Type (CWE):CWE-674

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH

References

https://moodle.org/mod/forum/discuss.php?d=424801

Base Score

HIGH7.5

Weakness Type (CWE):CWE-674

CVSS Metrics

Base Score

7.5

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Severity

HIGH

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

NONE

Integrity (I)

NONE

Availability (A)

HIGH