{ "schema_version": "1.5.0", "id": "BIT-moodle-2023-28333", "details": "The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS).", "aliases": [ "CVE-2023-28333" ], "affected": [ { "package": { "ecosystem": "Bitnami", "name": "moodle", "purl": "pkg:bitnami/moodle" }, "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" } ], "ranges": [ { "type": "SEMVER", "events": [ { "introduced": "3.9.0" }, { "fixed": "3.9.20" }, { "introduced": "3.11.0" }, { "fixed": "3.11.13" }, { "introduced": "4.0.0" }, { "fixed": "4.0.7" } ] }, { "type": "SEMVER", "events": [ { "introduced": "3.9.0" }, { "last_affected": "3.9.0" }, { "introduced": "3.11.0" }, { "last_affected": "3.11.0" }, { "introduced": "4.0.0" }, { "last_affected": "4.0.0" }, { "introduced": "4.1.0" }, { "last_affected": "4.1.0" }, { "introduced": "4.1.1" }, { "last_affected": "4.1.1" } ] } ] } ], "database_specific": { "severity": "Critical", "cpes": [ "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.11.0:-:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:3.9.0:-:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:4.0.0:-:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:4.1.0:-:*:*:*:*:*:*", "cpe:2.3:a:moodle:moodle:4.1.1:*:*:*:*:*:*:*" ] }, "references": [ { "type": "WEB", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3QZN34VSF4HTCW3C3ZP2OZYSLYUKADPF/" }, { "type": "WEB", "url": "https://moodle.org/mod/forum/discuss.php?d=445065" }, { "type": "WEB", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2179422" } ], "published": "2024-03-06T11:00:15.007Z", "modified": "2024-04-20T07:49:38.167Z" }