At any point of the digital transition,…
In Moodle, a weakness was observed where the decompressed size of zip files was not tested against the user quota available until unzipping them, which could lead to a risk of denial of service.
This impacts versions 3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and versions that were previously unsupported. 3.9.2, 3.8.5, 3.7.8 and 3.5.14. have been fixed.
Another vulnerability in this app:
MSA-20-0015: Chapter name in book not always escaped with forceclean enabled
Note: By default this functionality is only available to trusted users (such as teachers), but has been included as a security issue as a precaution, since it was not sanitized on sites with forceclean enabled.
Update you application.