Open Redirect Affecting moodle/moodle package, versions >=3.5, <3.5.8; >=3.6, <3.6.6; >=3.7, <3.7.2


Snyk CVSS: 0.0 medium

    Attack Complexity: Low
    User Interaction: Required

    Threat Intelligence

    EPSS: 0.08% (35th percentile)

NVD: 6.1 medium

  • Snyk ID: SNYK-PHP-MOODLEMOODLE-1088009
  • Published: 21 Mar 2021
  • Disclosed: 21 Mar 2021
  • Credit: Frederik Schou Schmidt

How to fix?

Upgrade moodle/moodle to version 3.5.8, 3.6.6, 3.7.2 or higher.

Overview

moodle/moodle is a learning platform.

Affected versions of this package are vulnerable to Open Redirect via the mobile launch endpoint.

Note: This does not affect sites with a forced URL scheme configured, mobile service disabled, or where the mobile app login method is "via the app".