The Mustache pix helper contained a potential Mustache injection risk if combined with user input (note: This did not appear to be implemented/exploitable anywhere in the core Moodle LMS). This flaw affects Moodle versions 4.1 to 4.1.1, 4.0 to 4.0.6, 3.11 to 3.11.12, 3.9 to 3.9.19 and earlier unsupported versions. Reference: https://moodle.org/mod/forum/discuss.php?d=445065
Created moodle tracking bugs for this issue: Affects: epel-7 [bug 2180085] Affects: fedora-all [bug 2180084]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.