Vulnerability Bulletins

MSA-22-0023: Stored XSS and page denial of service risks due to recursive rendering in Mustache template helpers


System information

Affected software: PHP

Description

by Michael Hawkins.

Recursive rendering of Mustache template helpers containing user input could, in some cases, result in an XSS risk or a page failing to load.

Severity/Risk: Serious
Versions affected: 4.0 to 4.0.3, 3.11 to 3.11.9, 3.9 to 3.9.16 and earlier unsupported versions
Versions fixed: 4.0.4, 3.11.10 and 3.9.17
Reported by: Adam Roberts, NCC Group
CVE identifier: CVE-2022-40313
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-68066
Tracker

More info:

https://moodle.org/mod/forum/discuss.php?d=438392&parent=1764793

Standard identifiers

Property Value
CVE CVE-2022-40313

Version history

Version Comment Date
1.0 Advisory issued 2022-09-20
