The decompressed size of zip files was not checked against available user quota before unzipping them, which could lead to a denial of service risk.
|Versions affected:||3.9 to 3.9.1, 3.8 to 3.8.4, 3.7 to 3.7.7, 3.5 to 3.5.13 and earlier unsupported versions|
|Versions fixed:||3.9.2, 3.8.5, 3.7.8 and 3.5.14|
|Reported by:||Ivan Novichkov|
|Tracker issue:||MDL-65115 Denial of service risk in file picker unzip functionality|