CVE 2021-36396

In Moodle, insufficient redirect handling made it possible to blindly bypass cURL blocked hosts/allowed ports restrictions, resulting in a blind SSRF risk.

See the CVE page on Mitre.org for more details.