Latest version: v17.0.4
| CVE/PVE | Vulnerability ID | Advisory | Affected versions | Severity | Severity Score |
|---|---|---|---|---|---|
| CVE-2019-19844 | 49779 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
CRITICAL | 9.8 |
| CVE-2019-14232 | 49774 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
HIGH | 7.5 |
| CVE-2019-14235 | 49777 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
HIGH | 7.5 |
| CVE-2019-12781 | 49773 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
MEDIUM | 5.3 |
| CVE-2019-14233 | 49775 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
HIGH | 7.5 |
| CVE-2019-12308 | 40921 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
MEDIUM | 6.1 |
| CVE-2019-14234 | 49776 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
CRITICAL | 9.8 |
| CVE-2019-19118 | 49778 |
Tutor 3.9.0 includes security patches for the 'Django' underlying dep… |
|
MEDIUM | 6.5 |
| PVE-2021-40922 | 40922 |
Tutor 3.6.3 fixes a template injection vulnerability in 'CustomTagMod… |
|
HIDDEN | X.Y |
| PVE-2021-40923 | 40923 |
Tutor 3.6.0 fixes insecure static asset loading when web proxy is ena… |
|
- | - |
| CVE-2019-20513 | 40924 |
Tutor 3.5.2 includes a fix for an XSS vulnerability affecting 'edx-pl… |
|
MEDIUM | 6.1 |
| CVE-2019-10906 | 40925 |
Tutor 3.3.5 updates the 'Jinja2' underlying dependency to v2.10.1 to … |
|
HIGH | 8.6 |
| PVE-2021-40920 | 40920 |
Tutor 3.12.3 applies most recent security patches for the 'edx-platfo… |
|
- | - |
| CVE-2023-23611 | 53221 |
Tutor 15.3.0 includes a fix for CVE-2023-23611: Any LTI tool that is… |
|
MEDIUM | 5.4 |
| PVE-2022-52099 | 52099 |
Tutor 14.2.2 fixes a XSS vulnerability in drag-n-drop v2 xblock. ht… |
|
- | - |
| PVE-2022-51649 | 51649 |
Tutor 14.1.2 includes a fix for an XSS vulnerability on "next" parame… |
|
- | - |
| PVE-2022-51540 | 51540 |
Tutor 14.1.1 fixes a vulnerability in xblock ajax handler. https://g… |
|
- | - |
| PVE-2022-49260 | 49260 |
Tutor 13.3.0 applies a security fix in logout redirect urls. https:/… |
|
- | - |
| PVE-2022-48258 | 48258 |
Tutor 13.2.0 fixes a rate limiting bypass vulnerability that was poss… |
|
- | - |
| PVE-2022-48012 | 48012 |
Tutor 13.1.9 fixes an open redirect vulnerability in inactive user fl… |
|
- | - |
| PVE-2022-44885 | 44885 |
Tutor 13.1.4 fixes vulnerability in redirect url during authenticatio… |
|
- | - |
| PVE-2022-44747 | 44747 |
Tutor 13.1.3 fixes an invalid enrollment vulnerability. https://gith… |
|
- | - |
| PVE-2022-48110 | 48110 |
Tutor 13.1.11 fixes a vulnerability in SAML configuration. https://g… |
|
- | - |
| PVE-2021-43583 | 43583 |
Tutor 13.0.0 converts all NodePort services to ClusterIP resources so… |
|
- | - |
| PVE-2021-41730 | 41730 |
Tutor 12.0.4 applies security patch. https://github.com/edx/edx-plat… |
|
- | - |
| PVE-2021-40907 | 40907 |
Tutor 11.2.7 applies a security patch for the 'edx-platform' underlyi… |
|
- | - |
| PVE-2021-40908 | 40908 |
Tutor 11.2.2 includes a security patch for the 'edx-platform' underly… |
|
- | - |
| CVE-2021-32052 | 40906 |
Tutor 11.2.10 applies security patches for the 'Django' dependency by… |
|
MEDIUM | 6.1 |
| CVE-2021-31542 | 49771 |
Tutor 11.2.10 applies security patches for the 'Django' dependency by… |
|
HIGH | 7.5 |
| CVE-2021-28658 | 49772 |
Tutor 11.2.10 applies security patches for the 'Django' dependency by… |
|
MEDIUM | 5.3 |
| PVE-2021-40909 | 40909 |
Tutor 11.1.5 includes security patch for the 'edx-platform' underlyin… |
|
- | - |
| PVE-2021-40910 | 40910 |
Tutor 11.1.4 applies a security patch for the 'edx-platform' underlyi… |
|
- | - |
| PVE-2021-40911 | 40911 |
Tutor 11.1.3 includes a security patch for the 'edx-platform' underly… |
|
- | - |
| PVE-2021-40912 | 40912 |
Tutor 11.1.1 includes a security patch for the 'edx-platform' underly… |
|
- | - |
| PVE-2021-40913 | 40913 |
Tutor 11.0.7 includes a security patch for the 'edx-platform' underly… |
|
- | - |
| PVE-2021-40914 | 40914 |
Tutor 11.0.6 applies a security patch for the 'edx-platform' underlyi… |
|
- | - |
| PVE-2021-40915 | 40915 |
Tutor 11.0.1 applies a security patch for the 'edx-platform' underlyi… |
|
- | - |
| PVE-2021-40916 | 40916 |
Tutor 10.5.3 applies upstream security patch for the 'edx-platform' u… |
|
- | - |
| PVE-2021-40917 | 40917 |
Tutor 10.2.0 includes a security patch for JavaScript code in the 'ed… |
|
- | - |
| PVE-2021-40918 | 40918 |
Tutor 10.1.0 includes upstream XSS security fixes for the 'edx-platfo… |
|
- | - |
| PVE-2021-40919 | 40919 |
Tutor 10.0.5 applies upstream XSS security fixes for the 'edx-platfor… |
|
- | - |