← Back

Instructure

instructure

2 CVEs • 1 product

Products (1)

Click to collapse
Toggle
Canvas Learning Management Service
canvas_learning_management_service
2 CVEs

CVEs (2)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2021-36539
1Instructure
1Canvas Learning Management Service
Nov 21, 2024
Jan 26, 2023
N/A· v4
6.5 MEDIUM· v3
N/A· v2
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
CVE-2020-5775
1Instructure
1Canvas Learning Management Service
Nov 21, 2024
Aug 21, 2020
N/A· v4
5.8 MEDIUM· v3
5.0 MEDIUM· v2
Server-Side Request Forgery in Canvas LMS 2020-07-29 allows a remote, unauthenticated attacker to cause the Canvas application to perform HTTP GET requests to arbitrary domains.