CVE-2021-32476
HIGH
Moodle < 3.5.18, 3.8-3.8.8, 3.9-3.9.6, 3.10-3.10.3 - Denial of Service via Draft Files Area
Title source: llm
Description
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
References (1)
Core References
Patch, Vendor Advisory
https://moodle.org/mod/forum/discuss.php?d=422310
Scores
CVSS v3
7.5
EPSS
0.0067
EPSS Percentile
71.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-770
Status
published
Products (2)
moodle/moodle
< 3.5.18
moodle/moodle
3.10 - 3.10.4
Packagist
Published
Mar 11, 2022
Tracked Since
Feb 18, 2026