{"id":"CVE-2021-20185","details":"It was found in Moodle before version 3.10.1, 3.9.4, 3.8.7 and 3.5.16 that messaging did not impose a character limit when sending messages, which could result in client-side (browser) denial of service for users receiving very large messages.","aliases":["BIT-moodle-2021-20185","GHSA-c3j6-33r4-89q3"],"modified":"2026-02-21T01:09:19.716927Z","published":"2021-01-28T20:15:13.133Z","references":[{"type":"ADVISORY","url":"https://moodle.org/mod/forum/discuss.php?d=417168"},{"type":"FIX","url":"https://moodle.org/mod/forum/discuss.php?d=417168"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/moodle/moodle","events":[{"introduced":"46574904afd39578fa4146bf1fc5c401ac680aa6"},{"fixed":"bbf242efb086307a0af9367d6caea08649b261d1"},{"introduced":"500c131eb49771e36f68d151dfa37fef5a9bc2df"},{"fixed":"de301d4237c42ddd0d4ae7395e663b8457943727"},{"introduced":"f968cd44e8ee5d54b1bc56823040ff770dbf18af"},{"fixed":"323c12674aa74d327ded9f5e44458cd5d1aea174"}]}],"versions":["v3.5.0","v3.5.1","v3.5.10","v3.5.11","v3.5.12","v3.5.13","v3.5.14","v3.5.15","v3.5.2","v3.5.3","v3.5.4","v3.5.5","v3.5.6","v3.5.7","v3.5.8","v3.5.9","v3.6.0","v3.6.0-beta","v3.6.0-rc1","v3.6.0-rc2","v3.6.0-rc3","v3.7.0","v3.7.0-beta","v3.7.0-rc1","v3.7.0-rc2","v3.8.0","v3.8.0-beta","v3.8.0-rc1","v3.8.1","v3.8.2","v3.8.3","v3.8.4","v3.8.5","v3.8.6","v3.9.0","v3.9.0-beta","v3.9.0-rc1","v3.9.0-rc2","v3.9.0-rc3","v3.9.1","v3.9.2","v3.9.3"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-20185.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}]}