QwikSec

Security Database

CVE

CWE

Training

CVE-2024-52585

Published: Nov 18, 2024

Modified: Nov 21, 2024

PUBLISHED

Description

Autolab is a course management service that enables auto-graded programming assignments. There is an HTML injection vulnerability in version 3.0.1 that can affect instructors and CAs on the grade submissions page. The issue is patched in version 3.0.2. One may apply the patch manually by editing line 589 on `gradesheet.js.erb` to take in feedback as text rather than html.

Vendor	Product	Versions
autolab	Autolab	affected `= 3.0.1`

Weaknesses (CWE)

References

https://github.com/autolab/Autolab/security/advisories/GHSA-8qhp-jhhw-45r2

x_refsource_CONFIRM

https://github.com/autolab/Autolab/commit/2429983b6caa245fea1b37f0dc236ccbcad9554c

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.