CVE-2021-32476

HIGH

Moodle < 3.5.18, 3.8-3.8.8, 3.9-3.9.6, 3.10-3.10.3 - Denial of Service via Draft Files Area

Title source: llm
STIX 2.1

Description

A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.

References (1)

Core 1
Core References

Scores

CVSS v3 7.5
EPSS 0.0107
EPSS Percentile 61.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-770
Status published
Products (2)
moodle/moodle < 3.5.18
moodle/moodle 3.10 - 3.10.4Packagist
Published Mar 11, 2022
Tracked Since Feb 18, 2026