CVE-2021-32476
Moodle denial-of-service risk in the draft files area
CVSS 3.1: 7.5 (HIGH)
EPSS: 0.67%
Description
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
How to fix CVE-2021-32476
To remediate CVE-2021-32476, upgrade the affected package to a fixed version below.
- Upgrade to 3.5.18 or later
- Upgrade to 3.10.4 or later
Is CVE-2021-32476 being exploited?
Low — EPSS is 0.7%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- from 0, < 3.5.18; >= 3.8.0, < 3.8.9; >= 3.9.0, < 3.9.7; >= 3.10.0, < 3.10.4
- >= 3.10, < 3.10.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |