8 matches found
CVE-2023-32317
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2024-12216
The CVE-2024-12216 issue affects dmlc/gluon-cv 0.10.0, specifically ImageClassificationDataset.from_csv(). The vulnerability arises because tar.gz files downloaded from URLs are extracted without proper sanitization, enabling TarSlip via path traversal or faked symlinks to overwrite arbitrary fil...
GHSA-CWRH-575J-8VR3 Karmada Tar Slips in CRDs archive extraction
Impact What kind of vulnerability is it? Who is impacted? Both in karmadactl and karmada-operator, it is possible to supply a filesystem path, or an HTTPs URL to retrieve the custom resource definitionsCRDs needed by karmada. The CRDs are downloaded as a gzipped tarfile and are vulnerable to a...
CVE-2023-32676
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
Code injection
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32676 Autolab tar slip in Install Assessment functionality (`GHSL-2023-081`)
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the Install assessment functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
CVE-2023-32317 Autolab tar slip in cheat checker functionality (`GHSL-2023-082`)
Autolab is a course management service that enables auto-graded programming assignments. A Tar slip vulnerability was found in the MOSS cheat checker functionality of Autolab. To exploit this vulnerability an authenticated attacker with instructor permissions needs to upload a specially crafted T...
Autolab 路径遍历漏洞
Autolab is a course management service. It supports automatically graded programming assignments. A security vulnerability exists in Autolab version 2.10.0 and earlier, which stems from a Tar slip vulnerability found in Autolab's Installation Evaluation feature, which can be exploited by an...