Nixpkgs Security Tracker

Untriaged

Permalink CVE-2023-35133

created 5 months ago

Moodle: ssrf risk due to insufficient check on the curl blocked hosts

An issue in the logic used to check 0.0.0.0 against the cURL blocked hosts lists resulted in an SSRF risk. This flaw affects Moodle versions 4.2, 4.1 to 4.1.3, 4.0 to 4.0.8, 3.11 to 3.11.14, 3.9 to 3.9.21 and earlier unsupported versions.

Affected products

moodle

<3.11.15
<4.1.4
<4.2.1
<4.0.9
<3.9.22

Matching in nixpkgs

pkgs.moodle

Free and open-source learning management system (LMS) written in PHP

nixos-unstable -
- nixpkgs-unstable 5.0.2

pkgs.moodle-dl

Moodle downloader that downloads course content fast from Moodle

nixos-unstable -
- nixpkgs-unstable 2.3.13

Package maintainers

@freezeboy freezeboy
@kmein Kierán Meinhardt <kmein@posteo.de>

Suggestion detail

Affected products

Matching in nixpkgs

pkgs.moodle

pkgs.moodle-dl

Package maintainers