CVE-2023-28333: Moodle's Mustache pix helper contained a potential Mustache injection risk if combined with user input

March 23, 2023 (updated November 9, 2023)

The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This does not appear to be implemented/exploitable anywhere in the core Moodle LMS).

References

git.moodle.org/gw?p=moodle.git;a=commitdiff;h=128c0c21607a71f411611a0104b2a8c858dd6fca
github.com/advisories/GHSA-q2x3-2f9g-h559
github.com/moodle/moodle/commit/128c0c21607a71f411611a0104b2a8c858dd6fca
moodle.org/mod/forum/discuss.php?d=445065
nvd.nist.gov/vuln/detail/CVE-2023-28333

Code Behaviors & Features

Detect and mitigate CVE-2023-28333 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →