Recursion Denial of Service in Moodle File Repository by Moodle
CVE-2021-36395

7.5HIGH

Key Information:

Vendor: Moodle
Status: Moodle
Vendor: CVE Published:; 6 March 2023

What is CVE-2021-36395?

In Moodle's file repository, a flaw exists in the URL parsing process that lacks proper handling for additional recursion. This oversight could lead to a denial of service through unintended recursive calls, potentially impacting system availability. It is crucial for users to update their Moodle installations to mitigate this risk and maintain optimal performance.

Affected Version(s)

Moodle 3.11, 3.10 to 3.10.4, 3.9 to 3.9.7 and earlier unsupported versions

References

https://moodle.org/mod/forum/discuss.php?d=424801

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 6, 2023
Vulnerability Reserved
Jul 12, 2021