Nixpkgs Security Tracker

Login with GitHub

Details of issue NIXPKGS-2026-0040

NIXPKGS-2026-0040

published on 18 Jan 2026

Permalink CVE-2025-62397

updated 1 month ago by @LeSuisse Activity log

Created automatic suggestion 3 months ago
@LeSuisse removed package moodle-dl 1 month ago
@LeSuisse removed
2 maintainers
- @kmein
- @freezeboy
1 month ago
@LeSuisse accepted 1 month ago
@LeSuisse published on GitHub 1 month ago

Moodle: router produces json instead of 404 error for invalid course id

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance.

Affected products

moodle

<5.0.3

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable 5.0.2
- nixpkgs-unstable 5.0.2
- nixos-unstable-small 5.0.2

Package maintainers

Ignored maintainers (1)

@freezeboy freezeboy