CVE-2024-43426
Moodle has arbitrary file read risk through pdfTeX
7.5
HIGH
CVSS 3.1
EPSS 0.91%
Description
A flaw was found in pdfTeX. Insufficient sanitizing in the TeX notation filter resulted in an arbitrary file read risk on sites where pdfTeX is available, such as those with TeX Live installed.
How to fix CVE-2024-43426
To remediate CVE-2024-43426, upgrade the affected package to a fixed version below.
- Bitnami/moodle—upgrade to 4.1.12 or later
- —upgrade to 4.1.12 or later
Is CVE-2024-43426 being exploited?
Low — EPSS is 0.9%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- >= 4.1.0, < 4.1.12, >= 4.2.0, < 4.2.9, >= 4.3.0, < 4.3.6, >= 4.4.0, < 4.4.2
- from 0, < 4.1.12
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |
| osv | CVSS 3.1 | HIGH7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |