moodle/moodle vulnerabilities

licenses detected
- GPL-3.0
  >=v2.3.4, <v2.5.0-beta; >=v3.2.0-beta
- (GPL-3.0 OR LGPL-2.1 OR MIT)
  >=v2.5.0-beta, <v3.2.0-beta

Report a new vulnerability Found a mistake?

Direct Vulnerabilities

Known vulnerabilities in the moodle/moodle package. This does not include vulnerabilities belonging to this package’s dependencies.

Automatically find and fix vulnerabilities affecting your projects. Snyk scans for vulnerabilities and provides fixes for free.

Fix for free

Vulnerability	Vulnerable Version
L Cross-site Scripting (XSS)	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Improper Control of Generation of Code ('Code Injection')	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
L Improper Access Control	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Cross-site Scripting (XSS)	>=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Interpretation Conflict	>=3.9, <3.9.24 >=3.11, <3.11.17 >=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Improper Access Control	>=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Improper Access Control	>=4.2.2, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
L Information Exposure	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Cross-site Scripting (XSS)	>=3.9, <3.9.24 >=3.11, <3.11.17 >=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Cross-site Scripting (XSS)	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Arbitrary Code Injection	>=3.9, <3.9.24 >=3.11, <3.11.17 >=4.0, <4.0.11 >=4.1, <4.1.6 >=4.2, <4.2.3
L Information Exposure	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Improper Control of Generation of Code ('Code Injection')	<3.9.24 >=3.10.0, <3.11.17 >=4.0.0, <4.0.11 >=4.1.0, <4.1.6 >=4.2.0, <4.2.3 >=4.3.0-beta, <4.3.0-rc2
M Access Restriction Bypass	<2.7.17 >=2.8.0, <2.9.9 >=3.0.0, <3.0.7 >=3.1.0, <3.1.3
M Improper Input Validation	>=2.7.0, <2.7.15 >=2.8.0, <2.9.7 >=3.0.0, <3.0.5 >=3.1.0, <3.1.1
M Information Exposure	<2.9.7 >=3.0, <3.0.5 >=3.1.0, <3.1.1
M Information Exposure	>=3.0, <3.0.3 >=2.9, <2.9.5 >=2.8, <2.8.11 <2.7.13
M Information Exposure	>=3.0, <3.0.2 >=2.9, <2.9.4 >=2.8, <2.8.10 <2.7.12
M Information Exposure	>=0.0.0
M Cross-site Scripting (XSS)	>=2.4.0, <2.4.2 >=2.3.0, <2.3.5 >=2.2.0, <2.2.8 >=2.0.0, <2.1.10
M Information Exposure	<2.2.11 >=2.3.0, <2.3.7 >=2.4.0, <2.4.4
H Improper Input Validation	<2.1.11 >=2.2.0, <2.2.10 >=2.3.0, <2.3.7 >=2.4.0, <2.4.4
H Arbitrary Code Execution	<2.5.3
M Insecure Defaults	>=2.5.0, <2.5.9 >=2.6.0, <2.6.6 >=2.7.0, <2.7.3
M Access Restriction Bypass	>=2.4.0, <2.4.10 >=2.5.0, <2.5.6 >=2.6.0, <2.7.0
M Arbitrary Code Execution	>=2.4.0, <2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Arbitrary File Read	>=2.4.0, <2.4.11 >=2.5.0, <2.5.7 >=2.6.0, <2.6.4 >=2.7.0, <2.7.1
M Cross-site Scripting (XSS)	<2.7.11 >=2.8.0, <2.8.9 >=2.9.0, <2.9.3
M Cross-site Scripting (XSS)	<3.1.2
M Cross-site Scripting (XSS)	<2.6.9 >=2.7.0, <2.7.6 >=2.8.0, <2.8.4
M Open Redirect	<2.6.11 >=2.7, <2.7.8 >=2.8, <2.8.6
M Authorization Bypass	>=2.9.0, <2.9.3
M Incorrect Permission Assignment for Critical Resource	<3.5.9 >=3.6.0, <3.6.7 >=3.7.0, <3.7.3
M Information Exposure	<2.7.11 >=2.8.0, <2.8.9 >=2.9.0, <2.9.3
M Cross-site Scripting (XSS)	>=3.1, <3.1.5 >=3.2, <3.2.2
M Improper Privilege Management	>=3.1.0, <3.1.7 >=3.2.0, <3.2.4 >=3.3.0, <3.3.1
M Information Exposure	>=3.1.0, <3.1.8 >=3.2.0, <3.2.5 >=3.3.0, <3.3.2
M Cross-site Scripting (XSS)	>=3.1.0, <3.1.8 >=3.2.0, <3.2.5 >=3.3.0, <3.3.2
M Information Exposure	>=3.3, <3.3.1
M Cross-site Scripting (XSS)	<3.1.16 >=3.4, <3.4.7 >=3.5, <3.5.4 >=3.6, <3.6.2
M Server-side Request Forgery (SSRF)	>=3.5, <3.5.4
M Cross-site Scripting (XSS)	>=3.1.0, <3.1.15 >=3.4.0, <3.4.6 >=3.5.0, <3.5.3 >=3.6.0, <3.6.1
M Improper Authentication	>=3.5.0, <3.5.9 >=3.6.0, <3.6.7 >=3.7.0, <3.7.3
M Cross-site Scripting (XSS)	>=3.7.0, <3.7.2
H Cross-site Request Forgery (CSRF)	>=3.5.0, <3.5.6 >=3.6.0, <3.6.4 >=3.7.0, <3.7.1
M Cross-site Scripting (XSS)	>=3.7, <3.7.7 >=3.8, <3.8.4 >=3.9, <3.9.1
M Cross-site Scripting (XSS)	>=3.8, <3.8.1
M Cross-site Scripting (XSS)	>=3.11.0, <3.11.15 >=4.0.0, <4.0.9 >=4.1.0, <4.1.4 >=4.2.0, <4.2.1
H Server-side Request Forgery (SSRF)	>=3.9.0, <3.9.22 >=3.11.0, <3.11.15 >=4.0.0, <4.0.9 >=4.1.0, <4.1.4 >=4.2.0, <4.2.1
M SQL Injection	>=3.9.0, <3.9.22 >=3.11.0, <3.11.15 >=4.0.0, <4.0.9 >=4.1.0, <4.1.4 >=4.2.0, <4.2.1
M Cross-site Scripting (XSS)	>=0.0.0
H SQL Injection	>=3.9, <3.9.21 >=3.11, <3.11.14 >=4.0, <4.0.8 >=4.1, <4.1.3
M External Control of File Name or Path	>=4.1.0, <4.1.3
M Authorization Bypass	<3.9.16 >=3.11.0, <3.11.9 >=4.0.0, <4.0.3
M Cross-site Request Forgery (CSRF)	>=4.1.0, <4.1.2
H Arbitrary Code Injection	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Information Exposure	>=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Information Exposure	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Cross-site Scripting (XSS)	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Information Exposure	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Cross-site Scripting (XSS)	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Arbitrary File Read	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
H SQL Injection	<3.9.20 >=3.11.0, <3.11.13 >=4.0.0, <4.0.7 >=4.1.0, <4.1.2
M Cross-site Scripting (XSS)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Incorrect Default Permissions	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Hidden Functionality	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Cross-site Scripting (XSS)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H Improper Input Validation	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Cross-site Scripting (XSS)	<3.11.1
M Incorrect Default Permissions	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H SQL Injection	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H SQL Injection	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H Remote Code Execution (RCE)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Server-side Request Forgery (SSRF)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
H Denial of Service (DoS)	<3.9.8 >=3.10.0-beta, <3.10.5 >=3.11.0-beta, <3.11.1
M Cross-site Scripting (XSS)	<4.0.6 >=4.1.0, <4.1.1
M Cross-site Scripting (XSS)	<3.9.19 >=3.11.0, <3.11.12 >=4.0.0, <4.0.6 >=4.1.0, <4.1.1
M Access Restriction Bypass	<3.9.19 >=3.11.0, <3.11.12 >=4.0.0, <4.0.6 >=4.1.0, <4.1.1
L Cross-site Request Forgery (CSRF)	>=3.9.0, <3.9.18 >=3.11.0, <3.11.11 >=4.0.0, <4.0.5
M Cross-site Request Forgery (CSRF)	>=3.11, <3.11.9 >=4.0, <4.0.3
M Cross-site Scripting (XSS)	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
H Arbitrary Code Execution	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
L SQL Injection	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
M Information Exposure	<3.9.17 >=3.11.0, <3.11.10 >=4.0.0, <4.0.4
M Cross-site Scripting (XSS)	>=0.0.0
H Improper Authorization	<3.5.13 >=3.6.0, <3.7.7 >=3.8.0, <3.8.4 >=3.9.0, <3.9.1
M Improper Input Validation	<3.9.15 >=3.10.0-beta, <3.11.8 >=4.0.0-beta, <4.0.2
C SQL Injection	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
H Incorrect Calculation	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M Information Exposure	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M Cross-site Scripting (XSS)	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
M External Control of Assumed-Immutable Web Parameter	<3.9.14 >=3.10, <3.10.11 >=3.11, <3.11.7 >=4.0, <4.0.1
H Incorrect Authorization	>=3.9, <3.9.13 >=3.10, <3.10.10 >=3.11, <3.11.6 >=4.0.0-rc1, <4.0.0
H Improper Authentication	>=3.9, <3.9.13 >=3.10, <3.10.10 >=3.11, <3.11.6 >=4.0.0-rc1, <4.0.0
M SQL Injection	<3.9.13 >=3.10.0, <3.10.10 >=3.11.0, <3.11.6
M SQL Injection	<3.5.18 >=3.8, <3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
M Cross-site Scripting (XSS)	<3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
M Denial of Service (DoS)	<3.5.18 >=3.8, <3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
L Information Exposure	<3.8.9 >=3.9, <3.9.7 >=3.10, <3.10.4
L Cross-site Scripting (XSS)	<3.5.18 >=3.8, <3.8.8 >=3.9, <3.9.7 >=3.10, <3.10.4
C SQL Injection	>=3.11, <3.11.5
L Authorization Bypass	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
M Authorization Bypass	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
H Cross-site Request Forgery (CSRF)	<3.9.12 >=3.10, <3.10.9 >=3.11, <3.11.5
M Arbitrary File Read	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Information Exposure	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Improper Access Control	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Improper Authentication	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
M Access Restriction Bypass	<3.9.10 >=3.10.0, <3.10.7 >=3.11.0, <3.11.3
H Arbitrary Code Execution	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Cross-site Scripting (XSS)	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Improper Authorization	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
H Cross-site Request Forgery (CSRF)	>=3.11, <3.11.4 >=3.10, <3.10.8 <3.9.11
M Cross-site Scripting (XSS)	>=0.0.0
M Improper Input Validation	<3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
L Improper Authentication	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Open Redirect	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Open Redirect	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Improper Authorization	>=3.5, <3.5.8 >=3.6, <3.6.6 >=3.7, <3.7.2
M Cross-site Scripting (XSS)	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Information Exposure	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Cross-site Scripting (XSS)	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Improper Authorization	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Information Exposure	>=3.10.0-beta, <3.10.2 >=3.9.0-beta, <3.9.5 >=3.6.0-beta, <3.8.8 <3.5.17
M Cross-site Scripting (XSS)	>=3.10.0, <3.10.1
L Information Disclosure	>=3.10.0, <3.10.1 >=3.9.0, <3.9.4 >=3.8.0, <3.8.7
L Denial of Service (DoS)	>=3.10.0, <3.10.1 >=3.9.0, <3.9.4 >=3.8.0, <3.8.7 >3.5.0, <3.5.16
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.2
M Denial of Service (DoS)	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.2 >=3.8.0, <3.8.5 >=3.7.0, <3.7.8
H Privilege Escalation	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
H Cross-site Scripting (XSS)	>=3.9.0, <3.9.1 >=3.8.0, <3.8.4 >=3.7.0, <3.7.7 <3.5.13
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Sensitive Data Exposure	>=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
M Cross-site Scripting (XSS)	>=3.9.0, <3.9.3
M Improper Access Control	<3.5.15 >=3.7.0, <3.7.9 >=3.8.0, <3.8.6 >=3.9.0, <3.9.3
H Arbitrary Code Execution	>=3.8.0, <3.8.3 >=3.7.0, <3.7.6 >=3.6.0, <3.6.10 >=3.5.0, <3.5.12
H Information Exposure	<3.7.2
L Information Exposure	>=3.6, <3.6.4
M Open Redirect	<3.1.18 >=3.4, <3.4.9 >=3.5, <3.5.6 >=3.6, <3.6.4
L Security Issue	<3.1.17 >=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Information Exposure	>=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
L Security Issue	>=3.1.0, <3.1.17 >=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issues	>=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issue	>=3.4.0, <3.4.8 >=3.5.0, <3.5.5 >=3.6.0, <3.6.3
M Permissions Issues	<3.6.3
M Cross-site Request Forgery (CSRF)	<3.1.15 >=3.2.0, <3.3.9 >=3.4.0, <3.4.6 >=3.5.0, <3.5.3
H Arbitrary Code Execution	<3.1.14 >=3.3.0, <3.3.8 >=3.4.0, <3.4.5 >=3.5.0, <3.5.2
M Cross-site Scripting (XSS)	<3.3.8 >=3.4.0, <3.4.5 >=3.5.0, <3.5.2
H Arbitrary Code Execution	<3.1.13 >=3.3.0, <3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
M Information Exposure	<3.1.13 >=3.3.0, <3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
M Information Exposure	<3.3.7 >=3.4.0, <3.4.4 >=3.5.0, <3.5.1
H Denial of Service (DoS)	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
M Arbitrary File Download	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
M Arbitrary File Download	>3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
H Arbitrary Code Execution	<3.1.12 >=3.2.0, <3.2.9 >=3.3.0, <3.3.6 >=3.4.0, <3.4.3
C Authentication Bypass	>=3.3, <3.3.5 >=3.4, <3.4.2
M Authentication Bypass	>=3.1, <3.1.11 >=3.2, <3.2.8 >=3.3, <3.3.5 >=3.4, <3.4.2
M Information Exposure	>=3.1, <3.1.9 >=3.2, <3.2.6 >=3.3, <3.3.2
M Cross-site Scripting (XSS)	>=3.1, <3.1.10 >=3.2, <3.2.7 >=3.3, <3.3.4
M Server Side Request Forgery (SSRF)	>=3.1, <3.1.10 >=3.2, <3.2.7 >=3.3, <3.3.4 >=3.4, <3.4.1
M Blacklist Bypass	>=3.4, <3.4.1 >=3.3, <3.3.4 >=3.2, <3.2.7
M Arbitrary E-mail Header Injection	<1.9.16 >=2.0.0, <2.0.7 >=2.1.0, <2.1.4 >=2.2.0, <2.2.1
M Information Exposure	>=3.4, <3.4.1 >=3.3, <=3.3.3 >=3.2, <=3.2.6 >=3.1, <=3.1.9

moodle/moodle vulnerabilities

licenses detected

Direct Vulnerabilities