Vulnerability Bulletins

MSA-23-0019: Proxy bypass risk due to insufficient validation

System information

Affected software PHP


by Michael Hawkins.

Incorrect domain matching logic made it possible to bypass the proxy, which could result in access to hosts intended to be blocked by the proxy.

Severity/Risk: Serious
Versions affected: 4.2 to 4.2.1, 4.1 to 4.1.4, 4.0 to 4.0.9, 3.11 to 3.11.15, 3.9 to 3.9.22 and earlier unsupported versions
Versions fixed: 4.2.2, 4.1.5, 4.0.10, 3.11.16 and 3.9.23
Reported by: Brendan Heywood
Workaround: Add hosts blocked within the proxy to the Moodle cURL blocked hosts configuration if

More info:

Standard resources

Property Value
CVE CVE-2023-40316

Version history

Version Comments Date
1.0 Advisory issued 2023-08-22
Ministerio de Defensa