Headline
GHSA-gv8f-43pg-c5qw: Moodle Improper Input Validation vulnerability
In affected versions of Moodle, users’ names require additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk. This issue has been patched in versions 3.9.8, 3.10.5 and 3.11.1.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2021-36402
Moodle Improper Input Validation vulnerability
Moderate severity GitHub Reviewed Published Mar 7, 2023 to the GitHub Advisory Database • Updated Mar 8, 2023
Package
composer moodle/moodle (Composer)
Affected versions
>= 3.11.0-beta, < 3.11.1
>= 3.10.0-beta, < 3.10.5
< 3.9.8
Patched versions
3.11.1
3.10.5
3.9.8
Published by the National Vulnerability Database
Mar 6, 2023
Published to the GitHub Advisory Database
Mar 7, 2023
Related news
In Moodle, Users' names required additional sanitizing in the account confirmation email, to prevent a self-registration phishing risk.