9 matches found
EUVD-2024-50520
Malicious code in bioql PyPI...
CVE-2024-52584
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs hav...
CVE-2024-49376
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. For email-based accounts, users with insufficient privileges could reset and theoretically access privileged users' accounts by resetting their...
CVE-2024-53260
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2022-41955
Autolab is a course management service, initially developed by a team of students at Carnegie Mellon University, that enables instructors to offer autograded programming assignments to their students over the Web. A remote code execution vulnerability was discovered in Autolab's MOSS functionalit...
CVE-2024-53260 Course Roster vulnerable to CSV Injection in Autolab
Autolab is a course management service that enables auto-graded programming assignments. A user can modify their first and or last name to include a valid excel / spreadsheet formula. When an instructor downloads their course's roster and opens, this name will then be evaluated as a formula. This...
CVE-2024-52584 Autolab has vulnerable submission endpoints
Autolab is a course management service that enables auto-graded programming assignments. There is a vulnerability in version 3.0.1 where CAs can view or edit the grade for any submission ID, even if they are not a CA for the class that has the submission. The endpoints only check that the CAs hav...
CVE-2023-32317
Autolab’s CVE-2023-32317 describes a tar-slip vulnerability in the MOSS cheat checker. An authenticated instructor can upload a crafted tar file via either the Base File Tar or Additional file archive inputs, causing expansion of archive contents to attacker-controlled paths (e.g., ../../../../tm...
Autolab path traversal vulnerability
Autolab is a course management service. Autolab supports automatic grading of programming assignments. a path traversal vulnerability exists in Autolab. An attacker could exploit this vulnerability to view the contents of a file...