Insufficient sanitizing of loaders used by TinyMCE resulted in an arbitrary folder creation risk. Versions affected: 4.1 to 4.1.2 Versions fixed: 4.1.3
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2192466] Affects: fedora-36 [bug 2192467] Affects: fedora-37 [bug 2192468] Affects: fedora-38 [bug 2192469]
References: https://moodle.org/mod/forum/discuss.php?d=446285 http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-77718
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.