Description
A denial-of-service risk was identified in the draft files area, due to it not respecting user file upload limits. Moodle versions 3.10 to 3.10.3, 3.9 to 3.9.6, 3.8 to 3.8.8, 3.5 to 3.5.17 and earlier unsupported versions are affected.
Remediation
References
Related Vulnerabilities
WordPress Plugin Titan Framework Cross-Site Scripting (1.5.2)
WordPress Plugin Admin Custom Login Cross-Site Request Forgery (3.2.7)
Sqlite NULL Pointer Dereference Vulnerability (CVE-2019-19923)
RubyGems Improper Verification of Cryptographic Signature Vulnerability (CVE-2018-1000076)
WordPress Plugin Hunk External Links Cross-Site Scripting (3.0.5)